Meraki

Community

http://ocsp.digicert.com categorized as a Malware Site

Solved
milep
Conversationalist
‎Dec 19 2017 3:28 AM
‎Dec 19 2017 3:28 AM

http://ocsp.digicert.com categorized as a Malware Site

Hi All,

I keep getting logs that the site ocsp.digicert.com/* is being blocked because it's a malware site, which is kinda strange for me, since DigiCert is world renowed CA and OCSP is the Online Certificate Status Protocol.

 

Any suggestions or advice on this topic?

 

Regards,

Mile

0 Kudos
1 Accepted Solution
MerakiDave
Meraki Employee
Meraki Employee
‎Dec 19 2017 8:56 AM
‎Dec 19 2017 8:56 AM

That's certainly a valid site, and should get categorized as "Computer and Internet Security , Business and Economy".  You can do a Webroot BrightCloud URL lookup on http://brightcloud.com/tools/url-ip-lookup.php and you can also go to the "Content Filtering" page in Dashboard and use the URL lookup tool there, make sure they're giving identical results.  Might be best to open a case with Meraki Support, they may be aware and seeing other similar cases, and can advise if there might be an open case with the Webroot BrightCloud threat intelligence team.  I've seen this once before in the past, there was a BrightCloud categorization issue with sites like digicert.com, globalsign.com, omniroot.com that incorrectly categorized them as malicious sites, but it was quickly resolved, like within a day or two.

View solution in original post

4 Replies 4
MerakiDave
Meraki Employee
Meraki Employee
‎Dec 19 2017 8:56 AM
‎Dec 19 2017 8:56 AM

That's certainly a valid site, and should get categorized as "Computer and Internet Security , Business and Economy".  You can do a Webroot BrightCloud URL lookup on http://brightcloud.com/tools/url-ip-lookup.php and you can also go to the "Content Filtering" page in Dashboard and use the URL lookup tool there, make sure they're giving identical results.  Might be best to open a case with Meraki Support, they may be aware and seeing other similar cases, and can advise if there might be an open case with the Webroot BrightCloud threat intelligence team.  I've seen this once before in the past, there was a BrightCloud categorization issue with sites like digicert.com, globalsign.com, omniroot.com that incorrectly categorized them as malicious sites, but it was quickly resolved, like within a day or two.

In response to MerakiDave
Adam
Kind of a big deal
‎Dec 19 2017 9:54 AM
‎Dec 19 2017 9:54 AM

In the meantime you can also probably just whitelist it.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
In response to MerakiDave
milep
Conversationalist
‎Dec 20 2017 1:18 AM
‎Dec 20 2017 1:18 AM

Yes, both the Meraki URL Lookup tool and BrightCloud URL Lookup tool provide the same result - Computer and Internet Securry, Business and Economy.
I'll open a case with Meraki support and meanwhile upgrade the firmware of the security appliance.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 19 2017 11:08 AM
‎Dec 19 2017 11:08 AM

There was a lot of problems in the 12.xx code not applying content filtering correctly.  Try selecting the "Top Sites Only" under:
Security Appliance/Content Filtering

 

Or better yet, upgrade to 13.28, which works well.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.