BugZero found this defect 954 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
10/8/2021
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
All
Fireware
11.x
11.1.x
11.10.x
11.10
11.10.1
11.10.2
11.10.3
11.10.4
11.10.5
11.10.6
All
When validating certificates, proxies with content inspection enabled might return invalid resigned certificates to users when an expired root CA or intermediate CA certificates are present as "general use CA" certificates.
Proxies use a dedicated set of trusted CAs to validate certificates when content inspection is enabled. Proxies do not require the general use CAs to function. Review the list of certificates on your Firebox and delete any expired "CA cert" certificates. Do not remove certificates with O=WatchGuard or O=WatchGuard_Technologies, which are part of the default set of certificates and required for Firebox operations. For more information about Firebox certificates, see About Certificates in Fireware Help.