Support Center > Search Results > SecureKnowledge Details
Improved handling of trusted CAs certificates when HTTPS inspection is enabled
Symptoms
  • Websites that use "Staat der Nederlanden Root CA - G2" certificate, fail to open with HTTPS Inspection.

  • Downloading the "Staat der Nederlanden Root CA - G2" certificate and importing it manually into the Trusted CA List ('SmartConsole > HTTPS Inspection > Advanced > Trusted CA > Import') resolves the issue.

    Note: Use "Update certificate list" option.

  • Debug of WSTLSD daemon (as per sk105559) shows:
    cptls_Validation::CallBackOnFailed: result: -1001, error_level: 0
    cptls_Validation: Chain is NOT trusted !!

  • Examples of sites that use "Staat der Nederlanden Root CA - G2" certificate:
    https://webmail.kpnmail.nl
    https://www.belastingdienst.nl
    https://mijn.kadaster.nl
    https://tenderned.nl
    https://www.overheid.nl
    https://geodata.nationaalgeoregister.nl
    https://www.bodemplus.nl

Cause

The Trusted CA list is held on the Security Gateway, and due to a change in the list, it fails to correctly read the "Staat der Nederlanden Root CA - G2" certificate. As a result, it displays the certificate as "Not Trusted".


Solution
Note: To view this solution you need to Sign In .