Bypass server certificate validation using the ProxySG Visual Policy Manager

book

Article ID: 166313

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

When attempting to access HTTPS sites, a ProxySG returns "SSL untrusted issuer" message. This can occur if a ProxySG is unable to validate the web server certificate issuer.

Resolution

A workaround for this issue is to Add a rule within the ProxySG Visual Policy Manager to bypass or not perform server certificate validation for all sites or just one site.  

To Disable server certificate validation for all web sites in Explicit and Transparent proxy deployment:

  1. Launch the Visual Policy Manager
  2. Add SSL Access Layer
  3. Add a new rule
  4. Leave Source as Any
  5. Leave Destination as Any
  6. Right·click under Action column -> Set... -> New... -> Set Server Certificate Validation...
  7. Select Disable server certificate validation
  8. Click OK -> Install policy


To Disable server certificate validation for one website in Explicit and Transparent proxy mode:

  1. Launch the Visual Policy Manager
  2. Add SSL Access Layer
  3. Add a new rule
  4. Leave Source as Any
  5. Right·click under Destination column -> Set... -> New... -> Request URL...
  6. Type in the hostname of the website
  7. Click Add -> Click Close -> Click OK
  8. Right·click under Action column -> Set... -> New... -> Set Server Certificate Validation...
  9. Select Disable server certificate validation
  10. Click OK -> Install policy