search cancel

Apple apps fail when passing through the ProxySG Appliance


Article ID: 168649


Updated On:


ProxySG Software - SGOS


IMessaging connects to a server using the certificate * which is signed by Apple Root CA. 

Apple Root CA is not a CA that common browsers trust. Moreover the ProxySG appliance does not trust it by default and will terminate the connection with a certificate warning (untrusted issuer).



The Signing cert for * is not trusted by the ProxySG appliance by default.


Import the Apple Root CA into the ProxySG CA certificate list:

  1. Download the Apple Root CA (attached below). 
  2. Click Configuration > SSL > CA Certificates > Import.
  3. Open the Apple Root CA in an text editor then copy everything including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
  4. Name the cert AppleRoot then click OK.
  5. Click on CA Certificate Lists tab.
  6. Select browser-trusted and then click Edit.
  7. Select AppleRoot from the left column and click Add >> to add it to the right column.
  8. Click OK and then Apply.


An issue of this nature can also be encountered when Apple devices need to access other sites such as the following:


Apple Root CA get_app