PKI construction best practices

Article ID: 252591

Products

ProxySG Software - SGOS, ISG Proxy, SG-S500

Issue/Introduction

When navigating to sites signed by "AddTrust External CA Root" while going through a ProxySG or Advanced Secure Gateway (ASG), the user is denied access with the error message: "Expired SSL Server Certificate (ssl_server_cert_expired)".

Cause

Expired Root Certificate

Resolution

To ensure simpler maintenance, follow these recommendations:

- Do not use the same Common Name for certificates generated from the PKI.

- Remove all Root CA certificates that have an "X509v3 Authority Key Identifier" extension. This extension is not required and causes a circular chain.

- Remove all expired certificates from the Proxy CA.
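
The three recommendations above can be checked offline with `openssl` before touching the appliance. The script below is an added example, not part of the original article or vendor tooling; it assumes each CA certificate has already been exported to its own PEM file, and the function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Assumes each CA certificate from the proxy's
# CA list was exported to its own PEM file; function names are hypothetical.

cert_cn() {   # print the subject Common Name
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= //p'
}

is_root() {   # true when subject and issuer names match (self-issued)
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

has_aki() {   # true when the Authority Key Identifier extension is present
  openssl x509 -in "$1" -noout -text |
    grep -q 'X509v3 Authority Key Identifier'
}

expires_within() {   # true when expired, or expiring within $2 seconds
  ! openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null
}

# audit_ca_certs WINDOW_SECONDS FILE...
# Prints one tab-separated finding per line; exit status 1 if anything was found.
audit_ca_certs() (
  window=$1; shift
  seen=""; rc=0
  for f in "$@"; do
    cn=$(cert_cn "$f")
    if expires_within "$f" "$window"; then
      printf 'EXPIRED_OR_EXPIRING\t%s\n' "$f"; rc=1
    fi
    if is_root "$f" && has_aki "$f"; then
      printf 'ROOT_WITH_AKI\t%s\n' "$f"; rc=1
    fi
    # Compare against Common Names of the files already processed.
    if [ -n "$cn" ] && printf '%s' "$seen" | grep -Fxq -- "$cn"; then
      printf 'DUPLICATE_CN\t%s\t%s\n' "$f" "$cn"; rc=1
    fi
    seen="$seen$cn
"
  done
  [ "$rc" -eq 0 ]
)

# When run with file arguments, report only certificates that have already expired.
if [ "$#" -gt 0 ]; then audit_ca_certs 0 "$@"; fi
```

A non-zero window (for example 2592000 for 30 days) also reports certificates that are about to expire, so they can be replaced before the proxy starts rejecting sites.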