This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allow Certificate - suddenly needed - then secure connection failures problem

All of a sudden, today after booting, I received a notification that I needed to trust the certificate for decryption.  I allowed the trust.  SSL/TLS Decryption is and has been disabled in the Policy. Now, everything I try to connect to in Safari, Chrome, Firefox, even Endpoint communications are failing as can't make a secure connection to the website error.  I've looked at all certificates in Keychain Access and they are all trusted.  The only way to get around this that I've found is to connect through a VPN bypassing the XG firewall.  

I'm on Sonoma 14.2.1 (23C71) on a MacBook Pro M3.  The Endpoint is 10.5.1. Everything in Self Help is green.

Any ideas on the cause and solution?

Thanks.



This thread was automatically locked due to age.
Parents
  • I think I know what's happening.  This started when after I was in Central, where I went into the Endpoint settings.  I have the policy set to not perform SSL/TLS Decryption.  I went into the settings for that where you can select categories to not decrypt, Banking, Health, etc.  I toggled them on, saved, toggled them off, saved.  I still have the decryption disabled, but it looks like the Endpoints on my three computers all started doing the Endpoint decryption.  I removed the computers from the group I have in the EAP, and so far, it looks like it's working.

    Maybe, I'll see in the morning.

Reply
  • I think I know what's happening.  This started when after I was in Central, where I went into the Endpoint settings.  I have the policy set to not perform SSL/TLS Decryption.  I went into the settings for that where you can select categories to not decrypt, Banking, Health, etc.  I toggled them on, saved, toggled them off, saved.  I still have the decryption disabled, but it looks like the Endpoints on my three computers all started doing the Endpoint decryption.  I removed the computers from the group I have in the EAP, and so far, it looks like it's working.

    Maybe, I'll see in the morning.

Children
  • I removed the three computers from the EAP and everything is fine again.  So this turns out to be a bug report in the EAP, where the policy for decrypt is off, but if you toggle the categories of what can be decrypted or not also activates the policy for decryption--even though the policy is turned off.