With the changes to Apples requirements for trusted certificates in iOS 13 and macOS 10.15 there are two things that you will need to do on your system to get ready for this.

More details from Apples article: https://support.apple.com/en-gb/HT210176

We have changed the default nsproxy config in version 6.3.1 to address this update.  However, existing installs must have this change done manually because it is within the live nsproxy.conf which we purposely don’t modify on upgrade.  Should you intend to upgrade to 6.3.1 (or newer) and don’t have this configuration set, it will be updated to use the latest defaults after the upgrade is completed.  If this is not possible, you can follow the below steps to update it on you current deployment.

/usr/local/netsweeper/etc/nsproxy.conf
# ssl_gen_key_size 1024

This needs to be uncommented and changed to at least a value of 2048.

/usr/local/netsweeper/etc/nsproxy.conf
ssl_gen_key_size 2048

Once you have done that, you will also need to clear the cert cache with the following steps:

nsproxyctl stop
rm -f /usr/local/netsweeper/var/lib/nsproxy/cache/cachefkcrt.dat
nsproxyctl start

::NOTE:: Remember this will need to be completed on each proxy server.