When ProxySG SSL-intercepts a connection, it sends an emulated certificate with keysize 1024, causing the client to reject the certificate and send the error message: unsupported certificate.
Release : SGOS running 188.8.131.52 or older
Component : ProxySG SSL Interception
ProxySG has a hidden command to force the emulated certificate keysize. By default, the setting is auto, so that ProxySG uses the same keysize the upstream server uses. It has been noted that in older versions of 6.7.4.x the keysize is 1024 bit. With robust applications, hosts expect stronger ciphers with a keysize of 2048.
From the ProxySG CLI in configure terminal mode, change the keysize to either 2048 or auto, as in the example below:
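To confirm which keysize a client is actually being handed, the RSA modulus length can be read directly from the emulated certificate and compared with 2048. The following Python is an added example, not Broadcom or ProxySG code; the function names and the constructed, unsigned sample certificates are assumptions made for illustration.

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _children(buf, start, end):
    """List the (tag, value_start, value_end) elements between start and end."""
    out = []
    while start < end:
        out.append(_tlv(buf, start))
        start = out[-1][2]
    return out

def rsa_key_bits(der):
    """RSA modulus size in bits of a DER X.509 certificate, or None if not RSA."""
    _, s, e = _tlv(der, 0)                                  # Certificate
    _, s, e = _children(der, s, e)[0]                       # tbsCertificate
    fields = _children(der, s, e)
    fields = fields[1:] if fields[0][0] == 0xA0 else fields # optional version [0]
    _, s, e = fields[5]                                     # subjectPublicKeyInfo
    alg, key = _children(der, s, e)
    _, o_s, o_e = _children(der, alg[1], alg[2])[0]         # algorithm OID
    if der[o_s:o_e] != RSA_OID:
        return None
    _, s, e = _tlv(der, key[1] + 1)                         # skip unused-bits octet
    _, m_s, m_e = _children(der, s, e)[0]                   # modulus INTEGER
    return int.from_bytes(der[m_s:m_e], "big").bit_length()

def _enc(tag, body):
    """Minimal DER encoder, used only to build the constructed samples."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def constructed_cert(bits):
    """Constructed, unsigned certificate skeleton with a `bits`-bit RSA modulus."""
    n = (1 << (bits - 1)) | 1
    key = _enc(0x30, _enc(0x02, b"\x00" + n.to_bytes(bits // 8, "big")) + _enc(0x02, b"\x01\x00\x01"))
    alg = _enc(0x30, _enc(0x06, RSA_OID) + b"\x05\x00")
    spki, name = _enc(0x30, alg + _enc(0x03, b"\x00" + key)), _enc(0x30, b"")
    tbs = _enc(0x30, _enc(0xA0, _enc(0x02, b"\x02")) + _enc(0x02, b"\x01")
               + alg + name + name + name + spki)
    return _enc(0x30, tbs + alg + _enc(0x03, b"\x00"))
```

For a live check, convert the PEM certificate received by a client behind the proxy with ssl.PEM_cert_to_DER_cert and pass the result to rsa_key_bits.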
proxy#(config ssl)proxy force-emulated-cert-keysize 2048
or use command:
proxy#(config ssl)proxy force-emulated-cert-keysize auto
Certificates are stored in cache until the TTL expires, so you will need to clear the certificate cache. Run the following command so that a reboot of the device is not required: