Error "Server certificate signed by unknown CA" when updating the Blue Coat WebFilter database


Article ID: 167434


Updated On:


ProxySG Software - SGOS


You see the following error when updating Blue Coat WebFilter (BCWF) using the default URL that uses HTTPS. If you use HTTP, you do not see this error.

Download log:
  Blue Coat download at: 2011/04/11 18:11:53 +0000
  Downloading from
  Requesting differential update
      ERROR: Server certificate signed by unknown CA
  Requesting full database
      ERROR: Server certificate signed by unknown CA
  Download failed


Install the missing CA Certificate and restart the database download:

  1. Download the certificate entrust_2048_ca.cer. (It is attached to this article.)
  2. Import the certificate into the ProxySG appliance CA Certificates (Configuration > SSL > CA Certificates) and give it the name" entrust_2048_ca".
  3. Add the certificate to the browser-trusted list (CA Certificate Lists > Browser-trusted).
  4. Apply the configuration changes.
  5. Restart the download of the BCWF database and view the download status to make sure that the download is working properly.
Make sure that the CCL for the default 'Device Profiles' is 'browser-trusted' (Configuration > SSL > Device Profiles).



entrust_2048_ca.cer get_app