Certificate error with DPISSL while accessing website
Description
With DPI-SSL as active, there is sometimes invalid certificate error while trying to access some not so common websites.
Error looks like below:
This document will help to check the relevant certificates needed for the website to work and help to import these on Firewall for it to work.
It is irrespective of the client using the default sonicwall certificates or any custom certificates as required by respective organization.
Cause
Probable cause is some missing intermediary certificates.
Resolution
First thing is to check if the client is showing the correct certificate which is mentioned under DPI SSL certificate.
If that is correct, then check the root certificate for that particular website.
For most of the cases, the main root certificate will be installed on Sonicwall.
For the missing certificate, it is also advisable to check online for websites(for checking certificates) which can find the intermediary certificates.
For example, below the additional certificates are shown which is also require to be installed on Sonicwall.
Then, the missing certificate can be downloaded separately and installed / imported on the firewall under certificates.
To download the certificate, just import the missing certificate.
Once downloaded on the firewall, need to restart the Firewall. It will work fine.
For reference:
How to decrypt HTTPS Traffic using DPI-SSL? | SonicWall
How to install the DPI-SSL certificate in modern browsers | SonicWall