There are now more than one problems that lead to your situation: If the root CA cert is not in the trusted root store, then it is normal, that you are able to connect to some websites when you ignore the cert warning Websites that partly work is probably because you ignore the cert warning for the main page, but because javascript, css, images, ... are pulled from other domains you can't see the cert warning and so cannot ignore it and the connection fails If you were connected once successfully (without decryption) to websites that have HSTS (https strict transport security) configured, then your browser will store this header locally. When you connect again to such a website and the HSTS entry did not time out, then as described in HSTS RFC the browser is not allowed to give you a possibility to ignore the warning --> rhe connection fails completely
... View more