You see the following error when updating Blue Coat WebFilter (BCWF) using the default URL that uses HTTPS. If you use HTTP, you do not see this error.
Download log:
Blue Coat download at: 2011/04/11 18:11:53 +0000
Downloading from https://list.bluecoat.com/bcwf/activity/download/bcwf.db
Requesting differential update
Fetching:
https://list.bluecoat.com/bcwf/activity/download/bcwf.db?installed_version=311010300
ERROR: Server certificate signed by unknown CA
Requesting full database
Fetching:
https://list.bluecoat.com/bcwf/activity/download/bcwf.db
ERROR: Server certificate signed by unknown CA
Download failed
Install the missing CA Certificates and restart the database download:
Using openssl we can see that currently there is and Intermediate and Root Issuer for the https://lists.bluecoat.com site.
openssl s_client -showcerts -servername list.bluecoat.com -connect list.bluecoat.com:443 </dev/null
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
depth=0 C = US, ST = California, L = San Jose, O = Broadcom Inc, CN = list.bluecoat.com
Make sure that the CCL for the default 'Device Profiles' is 'browser-trusted' (Configuration > SSL > Device Profiles).