Allow Certificate - suddenly needed - then secure connection failures problem

All of a sudden, today after booting, I received a notification that I needed to trust the certificate for decryption.  I allowed the trust.  SSL/TLS Decryption is and has been disabled in the Policy. Now, everything I try to connect to in Safari, Chrome, Firefox, and even Endpoint communications, is failing with a "can't make a secure connection to the website" error.  I've looked at all certificates in Keychain Access and they are all trusted.  The only way to get around this that I've found is to connect through a VPN, bypassing the XG firewall.

I'm on Sonoma 14.2.1 (23C71) on a MacBook Pro M3.  The Endpoint is 10.5.1. Everything in Self Help is green.

Any ideas on the cause and solution?

Thanks.



[edited by: Brian1941 at 5:28 PM (GMT -8) on 20 Jan 2024]
  • And now I can't connect to the XG firewall in Firefox.  The error is:

    "Peer’s certificate has an invalid signature.

    Error code: SEC_ERROR_BAD_SIGNATURE"

    I can still connect to the XG in Safari, but I prefer Firefox for that.

  • When did you create the certificate? Long ago, SHA-1 was the standard hash for signatures.

    This is no longer the case, since SHA-1 is now considered insecure (collisions have been found).

    Some time ago Firefox stopped accepting them.

    You need to regenerate the certificate with SHA-256 at least (SHA-512 preferred).

    As last resort you can set "security.pki.sha1_enforcement_level" back in Mozilla.
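The check behind the reply above, as an added example that is not part of the thread: read the signature hash algorithm out of a certificate with the `openssl` command-line tool and flag anything still signed with SHA-1 or MD5. The `fetch_cert` helper pulls the certificate a TLS server actually presents (the hostname and the admin port are placeholders for whatever the firewall uses); the `make_test_cert` helper creates throwaway self-signed certificates so the check can be exercised offline.

```shell
#!/usr/bin/env sh
# Added example (not from the original post or from Sophos): inspect the
# signature hash algorithm of an X.509 certificate. Requires the openssl CLI.

# Print the signature algorithm of a PEM certificate file, e.g.
# "sha256WithRSAEncryption" or "sha1WithRSAEncryption".
sig_alg() {   # sig_alg cert.pem
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Classify the signature algorithm: WEAK (SHA-1/MD5, rejected by current
# Firefox), OK (SHA-2 family or EdDSA), or UNKNOWN.
classify_sig() {   # classify_sig cert.pem
    case "$(sig_alg "$1")" in
        *sha1*|*SHA1*|*md5*|*MD5*)                                   echo WEAK ;;
        *sha256*|*SHA256*|*sha384*|*SHA384*|*sha512*|*SHA512*|ED25519|ED448) echo OK ;;
        *)                                                           echo UNKNOWN ;;
    esac
}

# Save the leaf certificate a TLS server presents, e.g. the firewall admin UI
# (host and port are placeholders to adjust), into a PEM file.
fetch_cert() {   # fetch_cert host port out.pem
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$3"
}

# Create a self-signed test certificate signed with the given digest
# (constructed test data, not a real firewall certificate).
make_test_cert() {   # make_test_cert sha256|sha512|sha1 out.pem
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$2.key" \
        -subj "/CN=test.example" -days 1 "-$1" -out "$2" 2>/dev/null
}

# Demonstration on constructed certificates.
tmp=$(mktemp -d)
make_test_cert sha256 "$tmp/good.pem"
echo "good.pem: $(sig_alg "$tmp/good.pem") -> $(classify_sig "$tmp/good.pem")"
if make_test_cert sha1 "$tmp/old.pem"; then
    echo "old.pem:  $(sig_alg "$tmp/old.pem") -> $(classify_sig "$tmp/old.pem")"
else
    echo "old.pem:  this OpenSSL build refuses to sign with SHA-1"
fi
```

To check a live firewall, run `fetch_cert <firewall-host> <admin-port> fw.pem` and then `classify_sig fw.pem`; a result of WEAK matches the `SEC_ERROR_BAD_SIGNATURE` symptom described in the thread and means the certificate should be regenerated with a SHA-2 digest.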

  • This has been working for months; all of a sudden the message popped up when I was booting.  That's what I don't understand.  But with SSL/TLS decrypt on the XG turned on, I get the "can't make a secure connection to the server" error.

    All my other computers configured this way work just fine.  It's just this computer.  I re-downloaded the required certificate and that didn't fix it.

  • I think I know what's happening.  This started after I was in Central, where I went into the Endpoint settings.  I have the policy set to not perform SSL/TLS Decryption.  I went into the settings for that where you can select categories to not decrypt: Banking, Health, etc.  I toggled them on, saved, toggled them off, saved.  I still have the decryption disabled, but it looks like the Endpoints on my three computers all started doing the Endpoint decryption.  I removed the computers from the group I have in the EAP, and so far, it looks like it's working.

    Maybe, I'll see in the morning.

  • I removed the three computers from the EAP and everything is fine again.  So this turns out to be a bug report for the EAP: the policy for decryption is off, but toggling the categories of what can or cannot be decrypted also activates the decryption policy, even though the policy is turned off.