Inbound HTTPS Inspection with a certificate issued by a third party CA shows browser error

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk98025
Technical Level
Product	Application Control, URL Filtering, Quantum Security Gateways, HTTPS Inspection
Version	R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.30 (EOL), R80.40, R81
Date Created	05-Jan-2014
Last Modified	18-May-2022

Symptoms

When using HTTPS Inspection for inbound inspection using a third party imported certificate from a trusted CA, browsers show an error about the certificate not matching the domain.
Errors seen in different browsers:

Internet Explorer - "The name on the security certificate is invalid or does not match the name of the site" / "The security certificate presented by this website was issued for a different website's address."

FireFox - "You have attempted to establish a connection with "www.site.com". However, the security certificate presented belongs to "paypal.com.phishingsite.com". It is possible, though unlikely, that someone may be trying to intercept your communication with this web site.
If you suspect the certificate shown does not belong to "www.site2.com", please cancel the connection and notify the site administrator." /

Chrome - “This is probably not the site you are looking for!”

Cause

When a browser connects to an HTTPS website through inbound inspection, HTTPS Inspection presents a certificate which was issued to a different domain (e.g. a certificate for *.mycompany.com when the website is myotherwebsite.com). The browser is able to validate the certificate, but displays an error that there is a mismatch between the requested domain and the certificate.

Solution

Note: To view this solution you need to Sign In .