Certificate error when accessing certain websites when Client DPI-SSL is Enabled

Description

When Client DPI-SSL is enabled, you may encounter an 'Invalid certificate' error while accessing certain websites. The browser will show the following error.

 

 

Resolution

Verify that the correct certificate is selected for Client DPI-SSL

  • Navigate to POLICY | DPI-SSL | Client SSL | Certificate.
  • Ensure that the Default SonicWall DPI-SSL 2048-bit CA Certificate NEW (or the configured custom certificate, if applicable) is selected.

 

Ensure that the same DPI-SSL certificate is correctly imported and trusted in the client web browser

Verify the certificate chain of the affected website in the client's browser

  • Temporarily disable Client DPI-SSL or add the website to the Client DPI-SSL exclusion list, so that the browser shows the website's original certificate chain.
  • Below is how the certificate chain would look.
  • In most cases, the Root certificate is already present on the firewall.
  • To verify this, navigate to Device | Settings | Certificates.
  • If the Root or Intermediate certificate is not present on the firewall, export the required certificate from the web browser and import it into the firewall.
  • To import the certificate, navigate to Device | Settings | Certificates.
    Note: Each time a certificate is imported into the firewall, a reboot is required. After rebooting the firewall, the affected website should function correctly. 
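
An added example (not SonicWall's code) of the chain check described above: given the website's chain exported from the browser and a folder of CA certificates exported from the firewall, it prints the issuers that still need to be imported. The folder layout, the function names and the constructed demo chain are assumptions, and matching is by distinguished name only, not by signature.

```shell
#!/bin/sh
# Added example: name the CA certificates a site's chain depends on that are
# absent from a folder of CA certificates exported from the firewall.
# Assumption: STORE_DIR holds PEM copies of the CAs listed under
# Device | Settings | Certificates. Matching is by distinguished name only.

subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
issuer_of()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }

# missing_issuers CHAIN_PEM STORE_DIR
# Prints every issuer DN in CHAIN_PEM that has no matching subject in STORE_DIR.
missing_issuers() {
  chain=$1; store=$2; work=$(mktemp -d)
  # Split the bundle into one file per certificate.
  awk -v d="$work" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/c" n ".pem")}' "$chain"
  for s in "$store"/*.pem; do
    if [ -f "$s" ]; then subject_of "$s"; fi
  done > "$work/have"
  for c in "$work"/c*.pem; do issuer_of "$c"; done | sort -u |
  while IFS= read -r dn; do
    grep -qxF -- "$dn" "$work/have" || printf '%s\n' "$dn"
  done
  rm -rf "$work"
}

# make_demo_chain DIR: constructed sample data (root -> intermediate -> leaf).
make_demo_chain() {
  t=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
    -keyout "$t/root.key" -out "$t/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate CA" \
    -keyout "$t/int.key" -out "$t/int.csr" 2>/dev/null
  openssl x509 -req -in "$t/int.csr" -CA "$t/root.pem" -CAkey "$t/root.key" \
    -CAcreateserial -days 1 -out "$t/int.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=site.example" \
    -keyout "$t/leaf.key" -out "$t/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$t/leaf.csr" -CA "$t/int.pem" -CAkey "$t/int.key" \
    -CAcreateserial -days 1 -out "$t/leaf.pem" 2>/dev/null
  cat "$t/leaf.pem" "$t/int.pem" > "$t/chain.pem"
}

# Demo: the store holds only the root, so the intermediate is reported.
demo=$(mktemp -d)
make_demo_chain "$demo"
mkdir "$demo/store" && cp "$demo/root.pem" "$demo/store/"
missing_issuers "$demo/chain.pem" "$demo/store"
rm -rf "$demo"
```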

 

 
