Ken, I selected wildcard certificate.

Matthias, I reproduces error with two browsers - same result.

Wildcard certificate is in use, I've checked URL address that host part matches CN in the certificate but still same problem.

Thank you to confirm wildcard certs are supported. I'll troubleshoot further and let you know about results.

Hello Jernej,

I apologise if this response is late.

But on your browser, I assume it's still showing up as certificate is not trusted error?

Could you attempt to clear all cache and information within your browsers and to re-try it.

Also ensure that the certificates (I know you said you've already checked to make it in use) but also go to GUI > Network > Certificates ; ensure this certificate is showing as 'active' 

Finally, if your GUI > Network > IP interfaces which are being used, ensure that if they're clustered, you're enabling the certificate to be used at the right level of configuration.

Thanks,

Matthew

you may need to import the whole cert chain.

I imported the cert, key, and intermediate certs to the cert store on a windows box, then exported the cert to a pfx, checking the box to export the whole chain.   Then just import it to the esa.