- You click to select Enable HTTPS inspection check box on the General tab of the HTTPS Outbound Inspection dialog box on a computer that has Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1 (SP1) installed.
- You add a domain name set, and then you add a Fully Qualified Domain Name (FQDN) of a website to the set. You set the Certificates field to No Validation in the Destination Exceptions tab.
Note When the No Validation option is set, Forefront TMG 2010 SP1 cannot retrieve and validate the server certificate of Forefront TMG 2010 SP1.
When certain web servers receive an empty client certificate, these servers accept and renegotiate the client certificate. For example, IIS web servers accept and renegotiate the client certificate. However, other web servers may return an SSL error when these web servers receive an empty client certificate. Therefore, Forefront TMG displays the error message.
Update informationTo resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:
Article ID: 2423401 - Last Review: Oct 1, 2010 - Revision: 1