Select Incidents and Alerts Log Viewer and select Firewall/Decryption to drill
down into the logs.
Use the query Error Index = 'Certificate' to view all
Decryption sessions that experienced certificate errors.
The Error column shows the reason for the certificate
error. To filter for all Decryption sessions that had the same error, click
the error message to add it to the query and then execute the query. For
example, to find all errors based on receiving a fatal alert from the
client, clicking the error produces the query (Error Index =
Certificate) AND (Error Message = ‘Received fatal alert
CertificateUnknown from client’).
To filter for the certificate errors that a specific host received, add that
SNI to the query instead of adding error message text. For example, to find
all certificate errors for expired.badssl.com, use the query
(Error Index = 'Certificate') AND (Server Name Indication =
‘expired.badssl.com’).
The Error column shows the specific reason for each
certificate error associated with expired.badssl.com.
Once you know the reason for the certificate issue that caused the decryption
failure, you can address it. For example, if the certificate chain is
incomplete, you can repair the incomplete
certificate chain. If a certificate is expired, you can notify the site
administrator or create a policy-based exception if you need
to access the site.
