Validity Period of SSL Certificate seen on the Web Browser does not match that of the Sub CA certificate used of SSL interception on Edge SWG (ProxySG)
search cancel

Validity Period of SSL Certificate seen on the Web Browser does not match that of the Sub CA certificate used of SSL interception on Edge SWG (ProxySG)

book

Article ID: 261975

calendar_today

Updated On:

Products

ProxySG Software - SGOS Advanced Secure Gateway Software - ASG ISG Proxy

Issue/Introduction

You have enabled SSL interception on Edge Secure Web Gateway (Edge SWG) or ProxySG. Looking at the website certificate in the web browser, you have verified that the certificate is issued by the Sub CA on the Edge SWG keyring. However, the validity period for the web site certificate does not match that of the Sub CA certificate. See example below:

Website Certificate Issued:

SSL Keyring certificate used for interception:

 

Cause

This behavior is expected.

Resolution

The web server certificate (the one you see on the browser) is actually generated by the ProxySG dynamically at runtime emulating the original SSL certificate of the WebServer. Hence the issue date & expiry date of the website certificate will differ from the Sub CA certificate used for interception.

Powered by Wolken Software