You see the following error when updating Blue Coat WebFilter (BCWF) using the default URL that uses HTTPS. If you use HTTP, you do not see this error.

Download log:
  Blue Coat download at: 2011/04/11 18:11:53 +0000
  Downloading from https://list.bluecoat.com/bcwf/activity/download/bcwf.db
  Requesting differential update
  Fetching:
    https://list.bluecoat.com/bcwf/activity/download/bcwf.db?installed_version=311010300
      ERROR: Server certificate signed by unknown CA
  Requesting full database
  Fetching:
    https://list.bluecoat.com/bcwf/activity/download/bcwf.db
      ERROR: Server certificate signed by unknown CA
  Download failed

Install the missing CA Certificate and restart the database download:

1. Download the certificate entrust_2048_ca.cer. (It is attached to this article.)
2. Import the certificate into the ProxySG appliance CA Certificates (Configuration > SSL > CA Certificates) and give it the name" entrust_2048_ca".
3. Add the certificate to the browser-trusted list (CA Certificate Lists > Browser-trusted).
4. Apply the configuration changes.
5. Restart the download of the BCWF database and view the download status to make sure that the download is working properly.

Make sure that the CCL for the default 'Device Profiles' is 'browser-trusted' (Configuration > SSL > Device Profiles).