View Cloud SWG Certificate to confirm it is current with expiration date of 05 Sep 2036

Cloud SWG + CASB Gateway in various traffic steering configuration possibilities

The original SSL interception root certificate used by the Cloud Secure Web Gateway (formerly known as WSS) expired September 5, 2021. Clients that were not updated will experience certificate validation errors which will disrupt access to TLS/SSL encrypted content. A Cloud SWG client includes any device that forwards traffic to Cloud SWG. The new certificate is valid until September 5, 2036.

Installing WSS Agent v7.1.1 or newer automatically installs the new certificate. Alternatively, the replacement certificate is available for download on the Cloud SWG portal. Both old and new certificates may coexist indefinitely. However, per certificate management best practices, we strongly recommend removing the expired certificate as soon as it is replaced with the new certificate.

After taking appropriate Action for your specific configuration to install a new WSS certificate you can confirm that you have the correct WSS Certificate on an endpoint by:

1. Opening up "Certificate Manager" on an affected Windows End Point.

2. Search for "Cloud Services Root CA" and confirm that it shows an expiration date of 09 05 2036

https://knowledge.broadcom.com/external/article/200314