Disable certificate authority web proxy

Question

I am running the XG firewall as a direct proxy in gateway mode and it is working correctly for HTTP traffic. The rule I created for the web proxy does not have any web filtering and the Decrypt and Scan HTTPS option is disabled. However, it gives me an error "Your connection is not private " when I try to open HTTPS sites in Google Chrome. It has the NET::ERR_CERT_AUTHORITY_INVALID message and clicking the advanced button shows that the website is using HSTS and there's no way around that. If I don't want to import the certificate authority into my browser is it possible to disable the certificate authority?

This thread was automatically locked due to age.

lferrara · Accepted Answer

Tich, 
 try to disable the micro-app scanning from console: 
 system application_classification microapp-discovery off 
 and clear the browser's cache. 
 If it does not work, restart Tomcat service from XG advanced shell: 
 service tomcat:restart -dsnosync 
 Regards

Nnyan · Answer

I just installed XG and once I had the basic configurations done I was online but more than half the websites I got to regularly were being blocked like the OP (your connection is not private. NET::ERR_CERT_AUTHORITY_INVALID in chrome and a similar error in IE). I've tried a number of "fixes" but none worked until I read this post. I had found a number of posts about either disabling the microapp discovery but just doing that did not work. The missing piece was to restart the tomcat service. 
 Would it be possible to have this be a bit more clear in the UI? anyways thank you this really helped me, as XG was not usable in that state.