Error "Server certificate signed by unknown CA" when updating the Blue Coat WebFilter database

book

Article ID: 167434

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

You see the following error when updating Blue Coat WebFilter (BCWF) using the default URL that uses HTTPS. If you use HTTP, you do not see this error.

Download log:
  Blue Coat download at: 2011/04/11 18:11:53 +0000
  Downloading from https://list.bluecoat.com/bcwf/activity/download/bcwf.db
  Requesting differential update
  Fetching:
    https://list.bluecoat.com/bcwf/activity/download/bcwf.db?installed_version=311010300
      ERROR: Server certificate signed by unknown CA
  Requesting full database
  Fetching:
    https://list.bluecoat.com/bcwf/activity/download/bcwf.db
      ERROR: Server certificate signed by unknown CA
  Download failed

Resolution

Install the missing CA Certificate and restart the database download:

  1. Download the certificate entrust_2048_ca.cer. (It is attached to this article.)
  2. Import the certificate into the ProxySG appliance CA Certificates (Configuration > SSL > CA Certificates) and give it the name" entrust_2048_ca".
  3. Add the certificate to the browser-trusted list (CA Certificate Lists > Browser-trusted).
  4. Apply the configuration changes.
  5. Restart the download of the BCWF database and view the download status to make sure that the download is working properly.
Make sure that the CCL for the default 'Device Profiles' is 'browser-trusted' (Configuration > SSL > Device Profiles).


 

Attachments

entrust_2048_ca.cer get_app