
Decrypt and Scan HTTPS invalidates HTTPS certificates

I suppose I need to better understand Decrypt and Scan HTTPS malware scanning. I noticed that when I browse an HTTPS site, the certificate is replaced by the Sophos certificate. So, my question is why, and how to troubleshoot. If I turn Decrypt off then all is fine.



  • This is the way HTTPS filtering - just about ANY HTTPS filtering - has to work. HTTPS is an encrypted protocol. Normally, a "middle-man" - like a firewall - cannot snoop on the traffic at all. It has no way to decrypt the traffic, as the two endpoints negotiate the encryption algorithm and pass keys back and forth in such a way as to keep someone from just snooping and impersonating one side or the other.

    The only way, then, to decrypt and scan that traffic is to perform what, in the wild anyway, would be the equivalent of a "man-in-the-middle" attack. The firewall therefore acts as the "client" and talks to the secure site, and generates a "fake" certificate to talk to the client, thus impersonating the secure site.

    To resolve this: trust the root certificate of the XG box. Then the HTTPS certificates will appear valid in your browser.

    You will have this problem on ANY device - XG, UTM, Watchguard, etc - that performs deep HTTPS inspection.
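
The mechanism described in the answer above, shown as an added shell example that is not from this thread or from Sophos: a throwaway root CA stands in for the firewall's signing certificate, a leaf certificate for a hostname is minted under it the way a decrypting proxy does, and `openssl verify` shows that the leaf is rejected until the client trusts that root. The CA name and the hostname `example.com` are constructed for the demo; `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): simulate what a decrypt-and-scan
# device does to a certificate chain, and what the browser sees on each side.
set -eu

WORK="$(mktemp -d)"
HOST="example.com"                       # constructed: stands in for any HTTPS site
CA_CN="Example Inspection Root CA"       # constructed: stands in for the firewall's CA

# 1. Root CA: the certificate the firewall signs with (the one you are told to trust).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
  -subj "/CN=$CA_CN" >/dev/null 2>&1

# 2. Leaf certificate for the site, signed by that root: this is the "fake"
#    certificate the firewall presents to the client instead of the real one.
openssl req -newkey rsa:2048 -nodes \
  -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" \
  -subj "/CN=$HOST" >/dev/null 2>&1
openssl x509 -req -days 1 -in "$WORK/leaf.csr" \
  -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
  -out "$WORK/leaf.crt" >/dev/null 2>&1

# leaf_issuer: the issuer line a browser shows in the certificate details;
# an unexpected issuer here is how you notice inspection is in the path.
leaf_issuer() {
  openssl x509 -in "$WORK/leaf.crt" -noout -issuer
}

# verify_leaf CAFILE: "ok" if the leaf chains to a trusted root, else "fail".
# An empty CAFILE means "trust nothing", i.e. a client without the firewall's root.
verify_leaf() {
  if [ -n "$1" ]; then
    openssl verify -CAfile "$1" "$WORK/leaf.crt" >/dev/null 2>&1 && echo ok || echo fail
  else
    openssl verify -no-CAfile -no-CApath "$WORK/leaf.crt" >/dev/null 2>&1 && echo ok || echo fail
  fi
}

# Stand-alone run: the same leaf is "fail" without the root and "ok" with it.
echo "issuer presented to the client: $(leaf_issuer)"
echo "client that does not trust the inspection root: $(verify_leaf "")"
echo "client that trusts the inspection root:         $(verify_leaf "$WORK/ca.crt")"
```

Run it as `sh demo.sh`. The first verify is the browser warning the original poster saw; the second is the state after importing the XG root certificate. Note that trust is decided entirely by which roots the client holds: any device or program that can get its root into that store can issue certificates the client accepts, which is why the inspection root should be deployed only to managed endpoints and why an unexpected issuer on a public site is worth investigating.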

  • So, in reality SSL is not secure? If any of the security devices can fake it so can any of the bad guys.
  • Ian,

    SSL and TLS connections are not secure. Hackers are now using encryption to send malware to target users.
    To better protect against new encrypted attacks, Decrypt and Scan SSL traffic should be enabled.
    Bad guys are always one step ahead.

    Luk