Adding ProxySG CA certificate to the trusted CA list in Linux


Article ID: 170368


Updated On:


Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


Linux machine is showing certificate validation failed when it tries fetch updates


In SSL Interception, adding the CA certificate in Browser CA cache will make the browser to trust the certificate. In the case of Linux, the machine is also having a separate CA bundle and need to be updated if connection is expected to be intercepted. Follow the below steps to update the ca-bundle of linux machine.

Given a CA certificate file 'proxycert.crt', follow below steps for respective versions



  1. Create a directory for proxysg CA certificate in /usr/share/ca-certificates

sudo mkdir /usr/share/ca-certificates/proxysg

  1. Copy the '.crt' file to the directory

sudo cp proxycert.crt /usr/share/ca-certificates/proxysg/proxycert.crt

  1. Add the '.crt' file's path relative to /usr/share/ca-certificates to /etc/ca-certificates.conf

sudo dpkg-reconfigure ca-certificates

  1. Update the installed CA's

sudo update-ca-certificates



  1. Copy the 'proxycert.crt' file to any temp folder
  2. Navigate to Certs directory

cd /etc/pki/tls/certs/

  1. Make a copy of ca-bundle.crt file for backup

cp ca-bundle.crt ca-bundle.crt.bak

  1. Add the ProxySG CA certificate to the ca-bundle.crt by running the below command

openssl x509 -text -in /path/to/proxycert.crt >> /etc/pki/tls/certs/ca-bundle.crt