Hi,
I have ONE of 3 new installs of XGS-126 having the long-known problem with Sophos CA certificates on some popular URL addresses. For example, users cannot download Google Chrome:
I guess the problem is HSTS, where the browser detects a MITM, which is the Sophos box.
I already disabled microapps in the console, recreated the CA certificate, restarted the Tomcat service... but besides this being ridiculous after so many years, it still does not work. I went through dozens of forums and threads here, but cannot find a solution.
Any idea, hint? Please & thanx!
Hello Andrej Pirman,
Thank you for contacting Sophos Community!
Kindly follow below:
community.sophos.com/.../sophos-firewall-resolving-not-secure-error-while-browsing-secure-sites
Mayur Makvana
Technical Account Manager | Global Customer Experience
UPDATE - SOLVED:
As it turned out after examining firewall logs, it was the "DEFAULT" WEB POLICY, which is blocking unwanted freeware, classifying Google Chrome as an unwanted app. Changing the WEB POLICY in the firewall rule to something else, for example "Default Workplace Policy", resolved the issue.
Maybe Sophos could put some effort into resolving the behavior in such a way that it would be clear to the user and administrator what's going on, instead of just letting HSTS do its job. In technical equivalent it would be like: never mind the brake failure, let it just hit the wall, it is designed to absorb impact.
Hello Andrej Pirman,
Thank you for the quick update. Your feedback is well taken and we shall check with the team if the changes can be accommodated.
Mayur Makvana