Signing Certificate loses chain when imported

I've just set up Decrypt and Scan for HTTP traffic on a UTM 9.509-3 box, and I'm having some trouble with the certificate that the UTM uses to sign the response back to the client.

Under Web Protection -> Filtering Options -> HTTPS CAs -> Verification CAs, I've successfully imported the public certificate of my Active Directory Intermediate Certificate Authority.  As I understand, that means the UTM trusts any certificate signed by that CA now.

I've then used the same Intermediate CA to generate a Subordinate Certificate Authority certificate, exported it in PKCS#12 format along with the private key, and uploaded it to the UTM under Web Protection -> Filtering Options -> HTTPS CAs -> Signing CA.  All seems to work OK, so far so good.

However, now when browsing HTTPS sites, the certificate generated by the UTM doesn't have any chain attached to it, so the client thinks it's an untrusted certificate.

 

Have I missed something in the configuration?



  • Hi Gary - first I've seen you here - welcome to the UTM Community!

    I don't think using an intermediate CA or a Subordinate CA works with the UTM Proxy.  You might want to open a case with Sophos Support to ask that question - please come back here and confirm or refute my comments here.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
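
The symptom in the original question (a certificate issued by a subordinate CA arriving at the client with no chain) can be reproduced and checked with OpenSSL alone. This is an added example, not part of the thread and not Sophos code; it assumes a throwaway lab PKI whose names and the password `lab` are invented here, and it makes no claim about what the UTM does with an uploaded bundle.

```shell
#!/bin/sh
# Constructed lab PKI (all names invented): root -> intermediate -> signing -> leaf.
# "signing" is a subordinate CA; "leaf" stands in for a certificate it issues on the fly.

# issue NAME ISSUER EXTFILE: new key + CSR for NAME, signed by ISSUER (self-signed if equal)
issue() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=Lab $1" 2>/dev/null || return 1
    if [ "$1" = "$2" ]; then
        openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 \
            -extfile "$3" -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
            -days 2 -extfile "$3" -out "$1.pem" 2>/dev/null
    fi
}

build_lab_pki() (
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\n' > leaf.ext
    issue root root ca.ext && issue intermediate root ca.ext &&
        issue signing intermediate ca.ext && issue leaf signing leaf.ext || exit 1
    cat signing.pem intermediate.pem > chain.pem
    # Two PKCS#12 exports of the signing CA: key + cert only, then key + cert + issuer.
    openssl pkcs12 -export -inkey signing.key -in signing.pem \
        -passout pass:lab -out bare.p12 &&
    openssl pkcs12 -export -inkey signing.key -in signing.pem \
        -certfile intermediate.pem -passout pass:lab -out full.p12
)

# Client trusts only the root and is handed the leaf with no intermediates.
verify_leaf_alone() { openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1; }

# Same client, but the signing and intermediate CA certificates accompany the leaf.
verify_leaf_with_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/chain.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Count the certificates inside a PKCS#12 bundle (lab password "lab").
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin pass:lab 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

d=$(mktemp -d) && build_lab_pki "$d" || exit 1
verify_leaf_alone "$d" && echo "leaf alone: trusted" || echo "leaf alone: untrusted"
verify_leaf_with_chain "$d" && echo "leaf + chain: trusted" || echo "leaf + chain: untrusted"
echo "bare.p12 certs: $(p12_cert_count "$d/bare.p12"), full.p12 certs: $(p12_cert_count "$d/full.p12")"
rm -rf "$d"
```

Running the same count against a real export shows whether the issuing CA certificates were included in the PKCS#12 file before upload.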