There are times when after renewing an expired CA certificate and re-importing the valid certificate, that the "ssl_server_cert_untrusted_issuer" still persists.
Testing with a direct Internet connection shows that the browser does not receive the "ssl_server_cert_untrusted_issuer" error.
By default, the SSL Proxy trusts the "browser-trusted" CCL server certificate (Management console - Configuration - Proxy Settings - SSL Proxy). The "browser-trusted" CCL consist of most ,if not all, public server certificates.
Hence, the newly imported certificate needs to be added into "browser-trusted" CCL before it will be trust by ProxySG's SSL Proxy. This can be accomplished with the following steps.
Note: A new feature which automatically updates the CA list was introduced in SGOS 6.3. Please visit KB4826 for more information