Subordinate CA certificate does not work correctly with the Web Gateway Decryption Proxy.

book

Article ID: 158042

calendar_today

Updated On:

Products

Web Gateway

Issue/Introduction

A subordinate CA certificate is installed on a SWG configured as a proxy with the SSL Deep inspection proxy enabled. Only the Root CA certificate is installed in the trusted root CA store of the client machines. Users see certificate errors when connecting to HTTPS websites.

Users see certificate errors when connecting to HTTPS websites.

Cause

When SWG resigns the Subordinate CA certificate, it does not include the certificate chain details.

Resolution

Symantec are aware of this issue and are looking into it. This document will be updated when further information is available.

The workaround to this issue is to import the Subordinate CA certificate into the users certificate store.