Expected issuer using Windows root CA


I am trying to use my own root CA in XG for HTTPS decrypt and Captive Portal, I have successfully installed the root CA under Certificate Authorities and I can select it for HTTPS Decrypt.

Now I have generated a Signed Certificate from this root CA and uploaded it to the Certificates tab, but it is marked with a red cross saying Expected Issuer but the CA is there with the same name.

My appliance is currently running on 17.5.9.


  • Tested with the same certificate files on another XG 310, same issue, tested on a XG 135 running SFOS 17.5.3 and it worked, maybe it is a bug in 17.5.9?

  • Hi  

    When you perform the test with different firmware, you have performed the same steps and files for certificate and it works in Mr-3 but not working in MR-9, please correct me if I am missing something.

  • That's strange!

    Perform these steps:

    • delete the certificate
    • go to advanced shell and type: tail -f /log/*.log | grep certificate
    • upload the certificate
    • check from the advanced shell the error you get when you try to upload the file

    I am not sure but the error should be in "validationError.log" if I am not mistaken.

    Share the result.

  • In reply to Keyur:

    Yes, that's right, I've tested with the same certificate files on a different appliance and an older firmware and it worked.

    On XG 310 17.5.9

    On XG 210 17.5.3

    Same files, same CA.

  • Well... that's weird, I've deleted the certificate and CA from the firewall, uploaded both again and now it worked.

    Did nothing different from previous attempts.

    Anyway, thank you for the support.