The error occurs when the custom SSL certificate used for SSL interception does not have a valid CA attribute. Such certificates where valid prior to SGOS 6.5.x because certificate validation was not as strict. Changes made in SGOS 6.5.x has have strengthened the certificate validation process.

To verify that the certificate has the necessary attributes:

1. Download the SSL certificate to the local workstation (https://x.x.x.x:8082/SSL/Download_ca).
2. Double-click the certificate to open it and select the Details tab.
3. Scroll to the Basic Constraints field. 
4. Determine if the certificate is signed correctly.
   • If it shows a valid CA attribute (Subject Type=CA), it is signed correctly.
   • If you receive a "Subject Type=End Entity" message, it must be signed again by your internal CA ensuring the Sub CA attribute is selected. See "Setting up HTTPS / SSL Forward Proxy with an Intermediate internal Certificate Authority" (TECH242663).