There is one common mistake when scanning an SSL website with QualysGuard: the admin forgets to map the SSL website's FQDN to its public IP before starting the vulnerability scan.

Here is what happens.

When an admin scans an HTTPS website by its IP address, even one with a proper SSL certificate installed, the report usually flags a "SSL Certificate – Subject Common Name Does Not Match Server FQDN" severity 2 vulnerability, as shown below.

This finding is expected. It is the same as visiting an HTTPS website by its public IP in a browser: you get a NET::ERR_CERT_COMMON_NAME_INVALID warning, because the certificate was issued for the hostname, not for the IP address:
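To show why scanning by IP produces this finding, here is an added Python example (not from the original post or from Qualys) that reproduces the name check a browser or scanner performs against a certificate's subjectAltName and commonName. The certificate dictionary is a constructed sample in the shape returned by `ssl.SSLSocket.getpeercert()`, and 203.0.113.10 is a documentation address standing in for the site's public IP.

```python
import ipaddress

# Constructed sample (not a real certificate) in the shape getpeercert() returns:
# the cert covers the FQDN and a wildcard, but no IP address.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (
        ("DNS", "www.example.com"),
        ("DNS", "*.api.example.com"),
    ),
}


def _dns_name_match(pattern, hostname):
    """RFC 6125-style match: a wildcard is honoured only as the whole leftmost label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False  # e.g. *.api.example.com matches v1.api.example.com, not deeper names
    return p_labels[1:] == h_labels[1:]


def cert_matches(cert, target):
    """Return the certificate name covering `target`, or None if nothing matches.

    `target` is what the scanner connected to: an FQDN or a bare IP address.
    Names are compared against subjectAltName first; the subject commonName is
    only a fallback when the certificate carries no SAN extension at all.
    """
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None  # target is a hostname, not an IP literal
    sans = cert.get("subjectAltName", ())
    for kind, value in sans:
        if ip is not None and kind == "IP Address":
            if ipaddress.ip_address(value) == ip:
                return value
        elif ip is None and kind == "DNS" and _dns_name_match(value, target):
            return value
    if not sans and ip is None:  # legacy CN-only certificate
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName" and _dns_name_match(value, target):
                    return value
    return None  # scanning by IP ends up here: "Common Name Does Not Match Server FQDN"
```

Calling `cert_matches(SAMPLE_CERT, "203.0.113.10")` returns `None` while `cert_matches(SAMPLE_CERT, "www.example.com")` returns the matching name, which is exactly the difference between scanning the bare IP and scanning it with the FQDN mapped.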

Fortunately, there is an easy fix in the Qualys platform.

You just need to add the IP address, port and FQDN(s) under VM > Assets > Virtual Hosts, so the scanner presents the FQDN when it connects.

After that, re-launch the scan and this kind of finding should be gone.

By Jonny
