Support Center > Search Results > SecureKnowledge Details
Outbound HTTPS Inspection of self-signed certificate websites fails with various errors Technical Level
Symptoms
  • Outbound HTTPS Inspection of self-signed certificate websites may fail with various errors:

    - CRL Validations failure logs
    - Self-Signed certificate failure logs
    - HTTPS Validation failure logs or Reject logs
Cause

By design, when HTTPS Inspection is enabled, CRL Validation is also enabled by default.

Therefore, inspecting traffic towards a website that owns a self-signed certificate (without a Root-CA / Sub-Root-CA) will fail because of the CRL Validation feature, which validates expiry, all certificate chains and their order, trust state, and more.


Solution
Note: To view this solution you need to Sign In .