A subordinate CA certificate is installed on a SWG configured as a proxy with the SSL Deep inspection proxy enabled. Only the Root CA certificate is installed in the trusted root CA store of the client machines. Users see certificate errors when connecting to HTTPS websites.
Users see certificate errors when connecting to HTTPS websites.
When SWG resigns the Subordinate CA certificate, it does not include the certificate chain details.
Symantec are aware of this issue and are looking into it. This document will be updated when further information is available.
The workaround to this issue is to import the Subordinate CA certificate into the users certificate store.