SSLV is presenting invalid certificates, specifically with Comodo and AddTrust root certificates.


Article ID: 191990




SV-3800 SV-2800 SV-800 SV-1800 SSL Visibility Appliance Software


When traffic to sites whose certificate chains use AddTrust External CA Root and UserTrust_RSA passes through an SSLV, the session may be re-signed with an untrusted certificate because of a certificate chain validation error.


The AddTrust CA Root and UserTrust_RSA certificates expired on May 30th, 2020. A possible issue with the handling of cross-signed certificates is being investigated.


SSLV inspecting traffic with certificate validation enabled.


A new trust package was released on June 2, 2020 that removes the expired certificates. Download the new trust package from the SSLV UI under PKI -> External Certificate Authorities -> Trust Package Update Status.

If the update succeeds, the following message is displayed: "Updated with new package".

To verify which certificates were removed, navigate to Monitor -> System log and search for "download_trust" by clicking on the magnifying glass.
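The cause and the fix described above, as an added illustration that is neither Broadcom's code nor a model of the SSLV's actual implementation: a validator that commits to the first chain it builds fails once the cross-signed certificate expires, and removing the expired certificates from the trust store forces the still-valid path. Certificate names follow the article; the other validity dates, the `www.example.test` leaf and the first-path-wins validator are assumptions, and signatures are not modelled.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: datetime

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed, simplified data. Only the 2020-05-30 expiry comes from the article.
ADDTRUST = Cert("AddTrust External CA Root", "AddTrust External CA Root", utc(2020, 5, 30))
USERTRUST_CROSS = Cert("UserTrust_RSA", "AddTrust External CA Root", utc(2020, 5, 30))
USERTRUST_ROOT = Cert("UserTrust_RSA", "UserTrust_RSA", utc(2038, 1, 18))  # self-signed
LEAF = Cert("www.example.test", "UserTrust_RSA", utc(2021, 1, 1))

SENT = [USERTRUST_CROSS]                 # intermediates the server sends with the leaf
OLD_TRUST = [ADDTRUST, USERTRUST_ROOT]   # trust store before the update
NEW_TRUST = [USERTRUST_ROOT]             # trust store with expired certificates removed
BEFORE, AFTER = utc(2020, 5, 1), utc(2020, 6, 2)

def build_paths(cert, sent, trust, seen=()):
    """Yield each path from cert to a trust anchor, trying server-sent issuers first."""
    if cert in trust:
        yield [cert]
        return
    for issuer in sent + trust:
        if issuer.subject == cert.issuer and issuer != cert and issuer not in seen:
            for tail in build_paths(issuer, sent, trust, seen + (cert,)):
                yield [cert] + tail

def path_ok(path, now):
    return all(c.not_after > now for c in path)

def validate(leaf, sent, trust, now, backtrack):
    paths = build_paths(leaf, sent, trust)
    if not backtrack:
        first = next(paths, None)  # commit to the first anchored path, expired or not
        return first is not None and path_ok(first, now)
    return any(path_ok(p, now) for p in paths)  # try alternative paths as well

if __name__ == "__main__":
    print("old trust, first path only :", validate(LEAF, SENT, OLD_TRUST, AFTER, False))
    print("old trust, alternative paths:", validate(LEAF, SENT, OLD_TRUST, AFTER, True))
    print("new trust, first path only :", validate(LEAF, SENT, NEW_TRUST, AFTER, False))
```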
