My TMG 2010 sp2u1 is using http-inspect with a generated certificate from my Enterprise Root CA, which works great with all sites except sites from the Dutch Government, which are signed with the Staat der Nederlanden Root CA - G2 (which is in the trusted Root CAs of Windows 2008 R2 by default).
Validation only works, but with inspect it just says in the log:
Failed Connection Attempt
Log type: Web Proxy (Forward)
Status: 0x8009000a
Rule: Authenticated Internet DMZ&LAN > WAN
Source: Internal (My Internal IP:59493)
Destination: External (www.logius.nl 80.95.165.206:443)
Request: 80.95.165.206:443
Filter information: Req ID: 1366d24f; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: https-inspect
User: MYDOMAIN\MyUsername
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x0
Processing time: 0 MIME type:
Adding sites that use Staat der Nederlanden Root CA - G2 to the HTTPS inspection exception list works... But there are loads of Dutch government sites :)
Can anybody test one of these sites with https-inspection enabled:
https://as.digid.nl
https://www.logius.nl
https://www.officielebekendmakingen.nl/
https://www.overheid.nl/
Any idea what can be wrong?