Last Modified: Oct 06, 2020
Opened: Dec 29, 2017
In SSL Forward Proxy, the client side forges a server certificate and caches the forged certificate for every server certificate that passes server-side certificate validation, including expired certificates.
Caching the expired certificate may cause SSL to use the expired certificate even after the backend server renews its certificate.
In a server-side profile with SSL Forward Proxy enabled, 'server authentication' is set to required and 'expired certificate response control' is set to ignore. When the backend server certificate has expired, the client-side SSL forges a certificate and caches the forged certificate.
With this fix, SSL no longer caches expired server certificates.