If a ProxySG is configured to be both a forward and a reverse proxy, and SSL intercept is not being used, it is possible to see the untrusted certificate errors when the forward proxy accesses a HTTPS site.
Even though SSL intercept is not being used, if a reverse proxy is configured, the SSL component of SGOS is active and can detect an untrusted certificate.
In order to prevent this error, an SSL Access layer can be added, with a rule to prevent server certificate checking. It is not necessary to have an SSL Intercept layer.
To complete this action:
- From Policy > Add SSL Access Layer
- Right Click the Action value and select Set
- Select New > Set Server Certificate Validation
- Select Disable server certificate validation > Select OK > Select OK
- Select Install policy