SSLv is presenting invalid certificates, specifically with Comodo and Addtrust root certificates.
Article ID: 191990
Updated On:
Products
SV-3800
SV-2800
SV-800
SV-1800
SSL Visibility Appliance Software
Issue/Introduction
When going to sites using AddTrust External CA Root and UserTrust_RSA, while going through a SSLV the session may get resigned by an untrusted certificate due to a certificate chain validation error.
Environment
SSLV inspecting traffic with certificate validation enabled.
Cause
AddTrust CA Root and UserTrust_RSA certificate expired on May 30th, 2020. Investigating possible issue with handling of cross-signed certificates.
Resolution
A new trust package was released on June 2, 2020 that removes the expired certificates. Download the new trust package from the SSLV UI under PKI -> External Certificate Authorities -> Trust Package Update Status.
If updated successfully the following message will be displayed, "Updated with new package".
To verify which certificates were removed navigate to Monitor -> System log and search for "download_trust" by clicking on the magnifying glass.
If updated successfully the following message will be displayed, "Updated with new package".
To verify which certificates were removed navigate to Monitor -> System log and search for "download_trust" by clicking on the magnifying glass.
Additional Information
Feedback
Yes
No
Powered by
