(Cloud) Going to Google properties results in SSL errors, even though I have SSL intercept disabled
Article ID: 168835
Updated On:
Products
Web Security Service - WSS
Issue/Introduction
SYMPTOMS:
SSL Intercept is disabled for my account
SSL Intercept is disabled for google.com
I have Google Safe Search enabled
I am being prompted with a certificate warning
The untrusted CA is the Cloud Services Root CA, or Cloud Services CA or DPx-SG1-YYY, where x=1 to 20, where YYY is a location, such as DA1, DE1, DC5, SV2, CH2, etc.
SSL Intercept is disabled for my account
SSL Intercept is disabled for google.com
I have Google Safe Search enabled
I am being prompted with a certificate warning
The untrusted CA is the Cloud Services Root CA, or Cloud Services CA or DPx-SG1-YYY, where x=1 to 20, where YYY is a location, such as DA1, DE1, DC5, SV2, CH2, etc.
Resolution
With the release of Web Security Service 6.8.2 on October 23, 2015, there are some changes to safe search. The 6.8.2 release notes state the following:
============================
Force Safe Search Changes
http://portal.threatpulse.com/docs/sol/Solutions/ManagePolicy/AdvancedPolicy/advpol_safesearch_ta.htm
============================
The Advanced Policy Safe Search Link above references the following information:
============================
When Safe Search is enabled, the Web Security Service performs minimal SSL interception, which is required for policy enforcement. This is regardless of the current SSL Interception enabled/disabled state (Network > SSL Interception). If your employee base reports certificate warnings, deploy the Web Security Service trusted certificate. See Examine Encrypted (HTTPS) Traffic.
============================
If you are unable to deploy the Web Security Service (Cloud) Root CA to your workstations, you can disable Google Safe Search until the certificate has been deployed to your user base. Once the cert has been deployed, then you can re-enable Google Safe Search.
============================
Force Safe Search Changes
- This release introduces changes to the Force Safe Search feature. The feature now fully supports Google safe search.
http://portal.threatpulse.com/docs/sol/Solutions/ManagePolicy/AdvancedPolicy/advpol_safesearch_ta.htm
============================
The Advanced Policy Safe Search Link above references the following information:
============================
When Safe Search is enabled, the Web Security Service performs minimal SSL interception, which is required for policy enforcement. This is regardless of the current SSL Interception enabled/disabled state (Network > SSL Interception). If your employee base reports certificate warnings, deploy the Web Security Service trusted certificate. See Examine Encrypted (HTTPS) Traffic.
============================
If you are unable to deploy the Web Security Service (Cloud) Root CA to your workstations, you can disable Google Safe Search until the certificate has been deployed to your user base. Once the cert has been deployed, then you can re-enable Google Safe Search.
Feedback
Yes
No
Powered by
