Clearing up final comment above, on the second refresh the new SSL cert had been applied which replaced the default *.azurewebsites.com SSL cert

Taking this one for now, I'll try to set up a reproduction case on Monday.

Reporter: On your steps to reproduce, you refreshed between 2 and 3 and the Not Secure indicator did not change? Also, was this after proceeding through the interstitial, or while on the interstitial?

Hello Carlo, that is correct. I refreshed using the refresh button and via ctrl + f5. I could see in the dialog that appeared on clicking not secure that it could see there was a valid SSL cert and I could see it was secure using another browser and on a different machine with the same browser.

Unsure what your second questione means.

Thanks for clearing that up! As for my second question, what I meant was, since this page had an invalid SSL cert, you should have gotten a "Your connection is not private
" warning page the first time you visited, my question was whether you are refreshing (and therefore seeing the error) while seeing the warning page, or after clicking "Proceed to..." 

Thanks again.

Ah ok, apologies. I'd gotten the warning as you expected but continued anyway as I was waiting for the SSL to apply. I refreshed on the page itself.

I can reproduce this on CrOS as well (see attached screenshot). The Not secure chip remains even after reloading the page with ctrl+shift+r. After logging out and back in, the Secure chip shows up.

Steps to reproduce are the same. I clicked through the interstitial (rip badidea), renewed the cert on the server, then refreshed the page. The cert's "Valid" link shows details for the updated cert, not the expired one.

Deleted: 06FfLY5WQR2.png 46.7 KB

	06FfLY5WQR2.png 46.7 KB View Download

It looks like the requested feedback was provided; removing the label.