I have a problem with the untrusted certificate that is issued by MWG: I have to import it on each endpoint browser as a trusted CA!
I tried to use a trusted certificate (from Verisign, GoDaddy) and to import it on the appliance (POLICY-SSL Scanner-handle connect call-set client context-event-default CA-import), and even though it is trusted, the problem in the browser remained (the certificate path is not correct)...
Actually, it is not logical to add the certificate on each endpoint, even if doing that by domain (I have laptops and portal devices)!
Any suggestions, PLEASE!
Have you read the best practices document?
Yes. If you do any type of SSL scanning, you must install a CA certificate on each workstation to avoid certificate warnings.
If there is already an internal CA that you have where the root certificate is already installed on the client, then you can have that same root CA create a subordinate CA that can be put on MWG.
You cannot use a public certificate from a public CA to do this.
There is no way around this. All SSL interception products from all vendors work the same way. This is how SSL works.
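The difference between a subordinate CA and an ordinary server certificate, shown as an added example that is not part of the original thread and is not MWG-specific. It builds a constructed lab PKI with the openssl CLI (all names and files are placeholders) and assumes, as is standard for server certificates sold by public CAs, that such a certificate carries `CA:FALSE`.

```shell
#!/bin/sh
# Added example: constructed lab PKI; every name below is a placeholder.
# Assumes the openssl CLI (1.1.1 or later) is installed.

issue() { # args: dir issuer name CN ext-section
  openssl req -new -newkey rsa:2048 -nodes -config "$1/lab.cnf" -subj "/CN=$4" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -extfile "$1/lab.cnf" -extensions "$5" -days 30 \
    -out "$1/$3.crt" 2>/dev/null
}

build_lab_pki() { # arg: empty working directory
  cat > "$1/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = critical,CA:FALSE
EOF
  # Internal root CA: the only certificate the clients need to trust.
  openssl req -x509 -newkey rsa:2048 -nodes -config "$1/lab.cnf" \
    -extensions ca_ext -subj "/CN=Lab Internal Root" -days 30 \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null || return 1
  issue "$1" root sub "Lab Proxy Sub CA" ca_ext || return 1   # subordinate CA for the proxy
  issue "$1" sub good "site.example" leaf_ext || return 1     # leaf re-signed by the sub CA
  issue "$1" root server "proxy.example" leaf_ext || return 1 # ordinary server cert, CA:FALSE
  issue "$1" server bad "site.example" leaf_ext || return 1   # leaf "signed" by that server cert
}

chain_ok() { # args: dir intermediate leaf; trust anchor is root.crt only
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/$2.crt" "$1/$3.crt" \
    >/dev/null 2>&1
}

# Demo in a throwaway directory.
t=$(mktemp -d) && build_lab_pki "$t" && {
  chain_ok "$t" sub good && echo "root -> sub CA -> leaf: verifies"
  chain_ok "$t" server bad || echo "root -> server cert -> leaf: rejected"
}
rm -rf "$t"
```

Both leaf certificates chain back to the same trusted root; only the one whose issuer is marked `CA:TRUE` passes path validation, which is the check a browser performs.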