In this configuration, both proxies terminate and inspect SSL traffic independently.
The Artica proxy intercepts the client’s encrypted request, decrypts it, then re-encrypts and forwards it to the parent proxy.
The parent then decrypts the request again before contacting the origin server.This feature is available on Artica v4.50 Service Pack 5 or Artica v4.50 Service Pack 4 Hotfix 20250718-14
¶ This setup can lead to issues such as:
- SSL certificate validation errors (e.g., self-signed certificates presented by the parent proxy)
- Certificate chain mismatches
- Loss of original client context (e.g., SNI, client certificate validation)
¶ Trust the parent’s certificate authority
The child proxy must trust the certificate authority (CA) used by the parent proxy to re-sign decrypted SSL connections.
To do this, you need to import the parent proxy’s certificate into the Certificate Center:
- Obtain the certificate used by the parent proxy for SSL decryption.
- In the left-hand menu, navigate to
Your System > Certificate Center. - Click the Action button and select Import Server Certificate.
- Upload the parent proxy’s certificate to add it to the trusted list.
¶ Add the certificate to the proxy’s trusted certificate store
- In the left-hand menu, go to
Your Proxy > SSL Protocol. - Click on the Trusted Certificates link.
- In the Trusted Certificates window, click Use a Certificate from the Certificate Center.
- Select the parent proxy's certificate you previously imported.
- On the Certificate field, click on the Choose button and select the uploaded parent proxy’s certificate
- This ensures that the child proxy will recognize and trust the re-signed certificates issued by the parent proxy during chained SSL interception.
