SSL/TLS Decryption with Smartcard or Certificate based authentication

We are in the process of testing out SSL/TLS decryption in our Endpoint policies. I have recently come across an issue with a site our users access that requires a certificate to authenticate properly. I have exempted this site's URL in Global Settings > SSL/TLS decryption of HTTPS websites > Websites excluded from HTTPS Decryption; however, I still see that the root CA for the site is replaced with the Sophos Root RSA one. When this policy is applied the user is unable to authenticate and is brought to the screen you would see if you did not have the cert present on the device. I have ensured that the root CA cert is present in the proper trusted root certs store on their PCs, and no warnings are encountered prior to accessing the site. Has anyone else had any success testing SSL/TLS decryption policies for Endpoints on machines that access resources that use certificate-based/smartcard authentication?



Edited tags
[edited by: Gladys at 7:45 AM (GMT -7) on 16 Sep 2022]
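A quick way to verify whether the exclusion is actually taking effect is to look at who issued the leaf certificate the client receives: if the issuer is the inspection root rather than the site's real CA, the proxy is still terminating TLS for that host. The script below is an added example written for this thread, not code from the original post or from Sophos; it assumes `openssl` is installed on the client and uses "Sophos" as the substring to look for in the issuer name (the poster's inspection root is named "Sophos Root RSA"). The test certificates it is exercised with are generated locally, so nothing here depends on the real site.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): detect whether an HTTPS chain has
# been re-signed by a TLS-inspection root. Assumes openssl is on PATH.

# Print the issuer DN of the leaf certificate stored in a PEM file.
leaf_issuer() {
    openssl x509 -noout -issuer -in "$1" | sed 's/^issuer= *//'
}

# Exit 0 if the leaf's issuer contains the inspection CA name (decryption in
# effect), 1 if it does not. The CA substring defaults to "Sophos" (assumption).
is_inspected() {
    local pem="$1" inspection_ca="${2:-Sophos}"
    local issuer
    issuer=$(leaf_issuer "$pem")
    case "$issuer" in
        *"$inspection_ca"*) return 0 ;;
        *)                  return 1 ;;
    esac
}

# Save the leaf certificate a host actually presents to this client (needs
# network; run it from the endpoint that has the policy applied, with SNI set
# so the proxy's bypass list sees the same hostname the browser sends).
fetch_leaf() {
    local host="$1" out="$2"
    openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$out"
}

# Convenience wrapper: report whether a host is still being decrypted.
check_host() {
    local host="$1" tmp
    tmp=$(mktemp)
    fetch_leaf "$host" "$tmp"
    if is_inspected "$tmp"; then
        echo "$host: leaf issued by inspection CA ($(leaf_issuer "$tmp")) - still decrypted"
    else
        echo "$host: leaf issued by $(leaf_issuer "$tmp") - bypass in effect"
    fi
    rm -f "$tmp"
}
```

Run `check_host portal.example.org` (hostname is a placeholder) on an affected PC. Seeing the inspection root as issuer for an excluded host means the bypass is not matching the connection, which is worth checking before anything else, because a decrypting proxy holds only its own keys and cannot present the user's smartcard certificate on the upstream connection; a site that requires client certificates will only work when its traffic is genuinely passed through.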