Juniper SSLVPN is a https website right?
when using https, browser makes a request to the server and server returns its certificate and the CA signature.
Browser will verify if the CA can be trusted
I tried the following step
issue a CSR is sign by my company internal CA, export the root CA from the signed cert, then from Juniper SA Trusted Server CAs configuration page, i trust my internal CA my install this exported root cert
then, i try to login to this Juniper SA from my home PC, no more warning message prompt, the question is here
as the verify process i mentioned ablow, if the verify is done by end point PC in stead of the https server (in this case, the Juniper SA), why after i configured the SA to trust my internal CA, the end PC will not prompt warning message on browser any more?
i had tried this thing on serval SSLVPN appliance, i got the same result
If you are using Web rewriting then it is the Juniper appliance that connects to the internal web sites and so it is the appliance that has to trust the CA that issues the internal sites certificates. As you have added the CAs certificate to the Trusted Server list on the appliance this is why you no longer see the warning.
there are actually two possibilities :-)
To verify these possibilities have a look at the Certificate Chain of this specific certificate.
Another possibility would be if you have trusted this certificate before (you'll see a warning in the certificate chain / certificate details)
hope this helps