ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Certificate issue on MAC while using proxySG

book

Article ID: 224582

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction


On MAC OS system, getting NET::ERR_CERT_WEAK_KEY error for multiple sites. 

Cause

ProxySG emulate certificate size less the 2048

Environment

ProxySG was SSL interception enabled.  

Resolution

As per Apple updated documentation below 2048 key size is needed. 
 https://support.apple.com/en-us/HT210176 


In proxy, we can force 2048 key size with the below command. 
proxy#(config ssl)proxy force-emulated-cert-keysize 2048

Also, we need to clear the certificate cache using the command 

ProxySG#(config ssl)clear-certificate-cache

and then reboot the MAC to clear any cache it has.