XG web proxy modifies certificate start and end date

Question

Hello, 
 is it expected bahaviour that the XG is adding several months to the certificate of a website when doing HTTPS decrpytion and inspection? 
 We noticed this today and were confused. 
 If this is "works as designed" - What is the purpose of doing that? 
 
 example: 
 www.heise.de 
 Public Cert end date is 11.6.2022, 01:59:59 as seen on the screenshot. Also note the start date.

If i open the website through XG web proxy, the cert end date is 
 19.4.2 023 , 23:20:17 and not 11.6.2022, 01:59:59 
 Also the start date is modified.

LuCar Toni · Accepted Answer

We simply generate a new certificate per website and this should have a decent amout of time. 
 The DPI Engine will copy/paste the values of the original certificate. The Proxy is not doing this, because there is no need. 
 My cert for heise is expiring on 11.06.22 (Signed by my XG).

XG web proxy modifies certificate start and end date

Top Replies