Enable SSL Intercept on the ProxySG with an imported Certificate from a third-party Certificate Authority.
After you added the certificate to Proxy Settings > SSL Proxy (SSL interception on exception and default SSL interception certificate) and hit Apply you get the below error.
"Keyring does not have a certificate authority's certificate"
The imported Certificate is not a subordinate CA certificate. The SSL intercept certificate must have the Basic Constrain CA=true
extension, Certificate Revocation List (CRL) and certificate sighing Key Usages.
For more information about the SSL Certificate requirement, refer to Article ID: 167385
A self-signed certificate on the ProxySG can also be used for SSL interception without the need to retrieve a certificate from a root CA, but would need to be installed in the browser as a Trusted Root Certification Authority.