Understanding resigned certificates expiration dates


Article ID: 169272


Updated On:


SSL Visibility Appliance Software Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


In the certificate information that the browser displays for a web site, you might see an expiration date that is different from the resigning Certificate Authority (CA) certificate. This is because, in an environment where a ProxySG appliance or an SSLV appliance performs SSL interception using certificate resigning, the appliance resigns the server certificate using a CA certificate and CA private key installed on the device.

Refer to the following certificate details in the browser:

User-added image

The Details tab shows the Certificate Hierarchy and the information of the resigning CA certificate.

User-added image