Important: The failures you see at your site will depend, in part, on the Certificate Verification Engine (CVE) options you have enabled.

Certificate verification failures occur for the following reasons:
  1. A certificate that was not issued by a CA in Content Gateway’s trusted CA list; this is often a self-signed certificate
  2. A certificate that was not issued by a CA that is trusted by the destination server
  3. A revoked CA (on a CRL or OCSP list)
  4. An expired or not yet valid certificate
  5. An expired, not yet valid, or revoked certificate in the certificate chain
  6. A self-signed certificate in the chain
  7. A name mismatch between the hostname and URL, or similar (hostname and the Common Name; hostname and the Subject Alternative Name; hostname and use of a wildcard in the certificate)
  8. Missing and/or optional fields in the certificate (no CRL or OCSP state; results in “Unknown revocation state” errors)
  9. A problem in the logic of the CVE
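
To make reasons 1, 4, 7 and 8 concrete, the following added example (not Content Gateway code, and not a description of how the CVE is implemented) classifies a certificate record against those four checks. The dictionary field names, the sample certificates and the wildcard policy (whole left-most label only, Common Name used only when no Subject Alternative Name is present) are assumptions made for illustration.

```python
from datetime import datetime, timezone

def name_matches(hostname, pattern):
    """Compare a hostname with one certificate name. A wildcard is accepted
    only as the entire left-most label and never directly under a TLD."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False            # "*" never spans more than one label
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def verification_failures(cert, hostname, trusted_cas, now):
    """Return the numbers of the reasons in the list above that apply."""
    failures = []
    if cert["issuer"] not in trusted_cas:
        failures.append(1)      # issuer not trusted; often self-signed
    if not (cert["not_before"] <= now <= cert["not_after"]):
        failures.append(4)      # expired or not yet valid
    # Assumed policy: use SAN entries; fall back to the CN only without SANs.
    names = cert["san"] or [cert["cn"]]
    if not any(name_matches(hostname, n) for n in names):
        failures.append(7)      # name mismatch
    if not cert["crl_urls"] and not cert["ocsp_urls"]:
        failures.append(8)      # "Unknown revocation state"
    return failures

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data, not taken from any real deployment.
NOW = utc(2024, 6, 1)
TRUSTED = {"CN=Example Root CA"}
SELF_SIGNED = {
    "issuer": "CN=intranet.example.test", "cn": "intranet.example.test",
    "san": [], "not_before": utc(2020, 1, 1), "not_after": utc(2023, 1, 1),
    "crl_urls": [], "ocsp_urls": [],
}
WILDCARD = {
    "issuer": "CN=Example Root CA", "cn": "example.test",
    "san": ["*.example.test"], "not_before": utc(2024, 1, 1),
    "not_after": utc(2025, 1, 1),
    "crl_urls": ["http://crl.example.test/root.crl"], "ocsp_urls": [],
}

if __name__ == "__main__":
    print(verification_failures(SELF_SIGNED, "intranet.example.test", TRUSTED, NOW))
    print(verification_failures(WILDCARD, "a.b.example.test", TRUSTED, NOW))
```

A single certificate can fail for several reasons at once, which is why the function returns a list rather than the first failure found.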