The purpose of this article is to provide an explanation and possible workarounds for the issue in which this error message prevents the proxy from downloading the Intelligence Services database:
"Server certificate signed by unknown CA"
This issue occurs when there is a device between the proxy and the destination server that is providing a certificate that the proxy does not trust by default. This can occur when there are two proxies in a chain environment.
In order to prevent this from happening, the following procedures can be performed:
-Install the certificate from the external device into the proxy's CA certificates list and then to the browser-trusted CCL.
-Disable SSL Interception in the upstream device for this particular request, so that the certificate that the internal proxy sees is the original one.
-(If the upstream proxy is Transparent) Add the IP that resolves to the Intelligence Services database to the Static Bypass List. This assumes there is a ProxySG or ASG providing this certificate.
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.