SWG Deep Inspection with subordinate CA doesn't include the certificate chaining information when re-signing traffic for client browsers

book

Article ID: 158735

calendar_today

Updated On:

Products

Web Gateway

Issue/Introduction

When SWG Deep Inspection is installed with subordinate CA certificate and acts as a server, it doesn't include the certificate chaining information.

 

Cause

SWG doesn't include the certificate chaining information in its server cert context.
 

Resolution

Upgrade to SWG5.2.0. Starting with SWG5.2.0, SWG includes the certificate chaining information. If you are not able to upgrade immediately, workaround this behavior by importing the sub-CA to all clients.

 

 


Applies To

  • SWG is in PROXY mode or INLINE+PROXY mode
  • On Administration> Configuration, on the Proxy tab, SSL Deep Inspection proxy is enabled.
  • On Administration> Configuration, on the Proxy tab, the "Imported Certificate" radio button is selected.
  • On Administration> Configuration, on the Proxy tab, clicking the Export button yields a certificate signed by a subordinate CA