When navigating to sites signed by "AddTrust External CA Root" while going through a ProxySG or Advance Secure Gateway (ASG), the user will be denied access with the error message: "Expired SSL Server Certificate (ssl_server_cert_expired)".
Expired Root Certificate
To ensure simpler maintenance,follow these recommendations:
-Do not use same Common Name for generated certificates from PKI
-Remove all Root CA certificates that have a "X509v3 Authority Key Identifier". This is not required and is causing a circular chain.
- Remove all expired certs from the Proxy CA