The ProxySG caches server certificates if SSL Interception is in use.
If SSL Interception is not enabled, the ProxySG does not cache server certificates.
If SSL Interception is enabled, the ProxySG caches the server certificate for two hours(default) from last use. The ProxySG appliance does this as it doesn't need to open thousands of connections to the OCS simply because the ProxySG now has visibility to the objects, and it can serve it directly. It's also for fast SSL interception; the ProxySG uses the current cached certificate, without the need to do the SSL handshake again.
If you get a certificate error for any unknown reason, delete the cached certificates, then try to browse again. To delete the certificate cache, please refer to this 000010271.
Imported Document ID: 000009104
Subscribing will provide email updates when this Article is updated. Login is required.