When ProxySG SSL intercepts a connection, it sends an emulated certificate with a keysize of 1024 bits. The client rejects the certificate and returns the error message: unsupported certificate.
Release : SGOS running 6.7.4.14 or older
Component : ProxySG SSL Interception
ProxySG has a hidden command to force the emulated certificate keysize. By default, the setting is auto, so that ProxySG uses the same keysize the upstream server uses. It has been noted that in older versions of 6.7.4.x the keysize is 1024 bit. With robust applications, hosts expect a stronger keysize of 2048 bits.
From the ProxySG CLI in configure terminal mode, change the keysize to either 2048 or auto, as in the examples below:
proxy>enable
proxy#conf t
proxy#(config)ssl
proxy#(config ssl)proxy force-emulated-cert-keysize 2048
Or, to set it to auto, use the command:
proxy>enable
proxy#conf t
proxy#(config)ssl
proxy#(config ssl)proxy force-emulated-cert-keysize auto
Certificates are stored in the cache until their TTL expires, so the certificate cache must be cleared for the new keysize to take effect. Run the following command to clear it without rebooting the device:
ProxySG>en
ProxySG#conf t
ProxySG#(config)ssl
ProxySG#(config ssl)clear-certificate-cache
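To confirm the change from a client, the keysize of the emulated certificate can be read with openssl. The script below is an added example, not part of the original article; it assumes an explicit-proxy deployment, an RSA certificate, and OpenSSL 1.1.0 or later on the client, and the proxy and target addresses shown are placeholders.

```shell
#!/bin/sh
# Added example: read the keysize of the certificate ProxySG presents to a client.
# The proxy and target addresses used below are placeholders, not article values.

# Extract the keysize in bits from `openssl x509 -noout -text` output on stdin.
# Matches "RSA Public-Key: (N bit)" (OpenSSL 1.1.x) and "Public-Key: (N bit)" (3.x).
key_bits_from_text() {
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Fetch the leaf certificate for TARGET (host:port) through the explicit proxy
# PROXY (host:port) and print its keysize in bits.
emulated_cert_key_bits() {
    proxy=$1
    target=$2
    openssl s_client -proxy "$proxy" -connect "$target" \
        -servername "${target%:*}" </dev/null 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null |
        key_bits_from_text
}

# Return 0 if BITS is a number >= MIN (default 2048), 1 otherwise.
# The 2048 threshold is meant for RSA keys; EC keys report much smaller sizes.
keysize_ok() {
    bits=$1
    min=${2:-2048}
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -ge "$min" ]
}

# Report the result for one proxy/target pair.
check_emulated_cert() {
    bits=$(emulated_cert_key_bits "$1" "$2")
    if keysize_ok "$bits"; then
        echo "OK: emulated certificate key is $bits bit"
    else
        echo "FAIL: emulated certificate key is '${bits:-unknown}' bit (expected >= 2048)"
        return 1
    fi
}

# Usage (placeholders): check_emulated_cert proxy.example.com:8080 www.example.com:443
```

Run the check after clearing the certificate cache; a cached 1024-bit certificate would otherwise still be served until its TTL expires.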