search cancel

Installing SSL Intercept Layer and receive error "Keyring does not have a certificate authority's certificate"


Article ID: 172213


Updated On:


Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


Enable SSL Intercept on the ProxySG with an imported Certificate from a third-party Certificate Authority.

After you added the certificate to Proxy Settings > SSL Proxy (SSL interception on exception and default SSL interception certificate) and hit Apply you get the below error.

"Keyring does not have a certificate authority's certificate"



The imported Certificate is not a subordinate CA certificate.The SSL intercept certificate must have the Basic Constrain CA=true extension,Certificate Revocation List (CRL) and certificate sighing Key Usages.

For more information about the SSL Certificate requirement, refer to TECH243236


A self-signed certificate on the ProxySG can also be used for SSL interception without the need to retrieve a certificate from a root CA, but would need to be installed in the browser as a Trusted Root Certification Authority.