Some of modern browsers can detect Web Gateway Certificate as unsafe. Checking the certificate itself you maybe not directly detect the issue why your browser warn you. A while ago you might have already changed your certificate settings to use stronger signaturehashalgorithmus and you still see the warning, if not please check this article as well: MWG SSL Scanning: Browsers phasing out trust of SHA1 certificates
I'll update this as soon i'll get a sample provided or any of you send me a picture of your Browser with this error.
How to check certificate chain
To show related certificat and its chain in Chrome click Menue > More Tools > Developer tools (Ctrl +Shift+I). Open "security" tab and "Show Certificate".
In Internet Explorer
Click "Lock" sign right side in your address bar and "show certificate". Most likely IE don't show this warning mentioned above.
Presented Proxy certificate
as already mentioned before the presented certificate seems to be correct.
Marked in red, its created by McAfee Certificate Authority and it use SHA256 SignatureAlgorithm. So why it is marked as unsafe?
To answer this question we will need to check presented Certificate Chain.
Certificate chain and used Root Certificate Authority
To open Root Certificate, please navigate to 3rd tab (Certificate Path) in certificate window. Select(1) and open Root Certificate(2) as shown in screenshot below.
Now as you can see in details the presented SignatureAlgorithm of used Certificate Authority is SHA1, which your browser may detect as unsafe.
This needs to be done on CLI as a root user. You can choose a directory you have access in the UI to, in order to save time downloading and installing additional Applications like WinSCP:
LogIn to CLI
[root@mwgapplsm75 ~]# cd /opt/mwg/log/debug/tcpdump/
[root@mwgapplsm75 tcpdump]# openssl genrsa -aes256 -out ca-key.pem 2048
[root@mwgapplsm75 tcpdump]# openssl req -x509 -new -nodes -extensions v3_ca -key ca-key.pem -days 1024 -out ca-root.pem -sha256
Download Certificate UI > Troubleshooting > Packet tracing
Import created Certificate and Key file
Save your changes and verify root CA's signaturealgorithm
Fixed in Version 7.7.X
When you update older Version to 7.7.X you will need to generate new Certificate before new settings will take effect.
New Root CA looks than like this one, created on 220.127.116.11