Newly updated Symantec Messaging Gateway Control Center HTTPS certificate is not updating for connecting browsers.


Article ID: 156194


Updated On:


Messaging Gateway


After renewing an HTTPS certificate and selecting the certificate in Administration  >  Control Center  >  Certificates, there is still a problem connecting securely to the Control Center when logging in to Symantec Message Gateway (SMG). The browser continues to reference the old certificate information even after restarting the Control Center service.

"The Connection is Untrusted" when logging in with Firefox.

"There is a problem with this website's security certificate" when logging in with Internet Explorer (version 7, 8 &  9)



The Control Center caches certificate information and changing the certificate used will not update until the Control Center service has restarted. In the case of a certificate update, however, the Control Center will not update the cache so restarting the service alone does not correct the issue.



This issue has been addressed in Symantec Messaging Gateway version 10.0.1-2.

To work around this issue for versions older than 10.0.1-2, you need to modify the certificate that is used by the Control Center, and then restart the Control Center service.

  1. Log in to Control Center web interface (you may have to bypass the certificate error to log in).
  2. Navigate to Administration  >  Control Center  >  Certificates
  3. In the Control Center Certificate section, select "Demo Certificate".
  4. Click save to force the certificate to update.
  5. Next, re-select the updated certificate again.
  6. Click Save once more so the Control Center uses the updated certificate.
  7. Log into the Control Center Command Line Interface (CLI) as admin.
  8. Enter the following command to restart the Control Center service:
    • service controlcenter restart
  9. Wait until the service has fully restarted, then test the web interface login.


Applies To

Symantec Message Gateway 9.5.

This affects updated certificates that were issued using a previous Certificate Signing Request, which just updates a previously installed certificate information.