XGS Latest firmware - Outdated Certificates

We just recently upgraded from an XG to an XGS firewall and are having random issues with certificates. I've had to manually add updated ROOT and Intermediate CA certificates for DigiCert and a Top Level DOD certificate, among others. I have never had any issues on the previous device with certificates, but downloading the latest certificates and manually adding them to the Authorities page worked. I knew the issue had to be on the XGS because the sites presented no issue outside of our network and I could see the whole trusted chain. The XGS, or maybe it is the latest firmware, now presents a self-issued untrusted cert and therefore I cannot see the chain to troubleshoot inside the network. How do the ROOT CAs get updated on the system? Should a firmware update contain updated ROOT CAs? I don't want to have to keep manually adding these as issues pop up because the system has outdated ROOT authorities. I have attached a screenshot of the Authorities I had to upload to fix the issues. Notice the DOD certificates.

  • In that scenario you may delete the certcache for that website and then access it again.
    You may find it under the following directory:  cd /var/certcache/

    For example, if it is google:
    I would type the following command: ls -lah /var/certcache/ | grep google

    And then you may delete those with the command "rm".

    Access the sites again and see if that helps!!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


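The cache-clearing step in the reply above, as an added example that is not from the thread or from Sophos: a POSIX sh function that quarantines (moves) the /var/certcache/ entries whose name contains a host instead of removing them outright, so they can be restored if the site still fails after the cache is repopulated. The quarantine directory, the argument names and the use of the same substring match that `grep google` performs are assumptions.

```shell
# Added example, not from the thread or from Sophos. Quarantine certcache
# entries for one host so a fresh chain is fetched on the next visit.
# Usage: clear_certcache google            (defaults to /var/certcache)
#        clear_certcache google /var/certcache /tmp/certcache-quarantine
clear_certcache() {
    host=$1
    cache_dir=${2:-/var/certcache}                 # path named in the reply
    quarantine=${3:-/tmp/certcache-quarantine}     # assumed location
    mkdir -p "$quarantine" || return 1
    moved=0
    # Substring match, like `ls | grep google`: a short name also catches
    # unrelated entries, so each file is printed before it is moved.
    for f in "$cache_dir"/*"$host"*; do
        [ -e "$f" ] || continue        # no match: the glob stayed literal
        echo "quarantining: $f"
        mv -- "$f" "$quarantine"/ || return 1
        moved=$((moved + 1))
    done
    echo "$moved entries moved to $quarantine (restore with mv if needed)"
    return 0
}
```

Run it, reload the affected site, and only delete the quarantine directory once the site loads with the expected chain.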

  • Again, adding the updated root and intermediates for the domains in question fixed the issue for those sites. Not all are having the issue, just a select few. If it was a cert cache issue, then why would adding the updated ROOT CAs to the system fix the issue?