SSL Inspection - Websites showing up as Insecure despite having added Appliance Root CA

Question

Hello, 
 I am setting up a new firewall, and feel like I am missing something. The default settings are currently applied for SSL Inspection. I have downloaded the Appliance Root CA from the Web > General Settings, as well as the resigning certificate from the Profiles > Decryption Profile setting. I have added those to the Trusted Root Authority store on my Windows 8 laptop. This made it so that secure websites will load without being blocked, but in the address bar of my browser (Edge, in this case), they are still showing up as "Not Secure" - see screenshot. This seems like it must be an issue that has a really basic solution that I am missing, but hopefully somebody here can help me out and point me in the right direction.

LHerzog · Answer

I would think of a CA certificate at the wrong place or a 3rd Party Endpoint Security installed, checking HTTPS connections. Disabling "system application_classification" should not be required. 
 Info: Microsoft has switched to browser CA certificates in Edge. Just like firefox does. 
 https://learn.microsoft.com/en-us/deployedge/microsoft-edge-security-cert-verification 
 In past versions of Microsoft Edge, both the default certificate trust list and the certificate verifier logic were provided by underlying operating system (OS) platform. 
 For managed devices, starting in Microsoft Edge 112 on Windows and macOS, both the default certificate trust list and the certificate verifier are provided by and shipped with the browser. This approach decouples the list and verifier from the host operating system's root store for the default verification behavior. See the rollout timeline and testing guidance for more detail about the timing of the change. 
 Even after the change, in addition to trusting the built-in roots that ship with Microsoft Edge, the browser queries the underlying platform for&mdash;and trusts&mdash;locally installed roots that users and/or enterprises installed. As a result, scenarios where a user or enterprise installed more roots to the host operating system's root store should continue to work.

Raphael Alganes · Answer

Hello Stephen, 
 Good day and thanks for reaching out to Sophos Community. 
 Could you follow this Community Recommended Read guide and see if it would help resolve your issue: Sophos Firewall: Resolving "Not secure" error while browsing secure sites 
 Many thanks for your time and patience and thank you for choosing Sophos. 
 Cheers,

SSL Inspection - Websites showing up as Insecure despite having added Appliance Root CA

Top Replies