A policy to allow or block Dropbox for specific users or groups does not work.


Certificates are verified/validated by inspecting the signature hierarchy:

 - [MyCert] → signed by [IntermediateCert] → signed by [RootCert]
 - Where [RootCert] is listed in your computer's "Trusted Cert Store."

Certificate Pinning differs in that you ignore the hierarchy above and instead say "Trust this cert only," or "Only trust certificates, signed by this certificate."  

For example, Windows Update Service trusts only certificates signed by Microsoft. This can effectively mitigate any risk of a compromised CA cert.
See: Certificate and Public Key Pinning

Dropbox is not currently supported by the Web Security Service (WSS) because of Certificate Pinning.  SSL Interception is not possible for Dropbox.
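
The following added example (not part of the original article and not WSS or Dropbox code) is a simplified model of the two trust decisions described above. It shows why a client that pins rejects an intercepted connection even though the proxy's CA is in the trust store. All certificate names and key bytes are constructed, and signature verification is left out of the model.

```python
import base64
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes  # constructed stand-in for the DER SubjectPublicKeyInfo

def spki_pin(cert):
    """Base64 SHA-256 of the public key bytes, a common pin format."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode()

def chain_trusted(chain, trust_store):
    """Hierarchy check: each cert names the next as issuer; the last is a trusted root."""
    links = all(c.issuer == p.subject for c, p in zip(chain, chain[1:]))
    return bool(chain) and links and spki_pin(chain[-1]) in trust_store

def client_accepts(chain, trust_store, pins=None):
    """Without pins the hierarchy decides; with pins a chain cert must also match one."""
    if not chain_trusted(chain, trust_store):
        return False
    return pins is None or any(spki_pin(c) in pins for c in chain)

# Constructed sample certificates (hypothetical names and keys)
public_root = Cert("Public Root CA", "Public Root CA", b"public-root-key")
intermediate = Cert("Public Intermediate CA", "Public Root CA", b"intermediate-key")
origin_leaf = Cert("service.example", "Public Intermediate CA", b"origin-leaf-key")
proxy_root = Cert("Proxy Inspection CA", "Proxy Inspection CA", b"proxy-root-key")
proxy_leaf = Cert("service.example", "Proxy Inspection CA", b"proxy-minted-key")

DIRECT = [origin_leaf, intermediate, public_root]
INTERCEPTED = [proxy_leaf, proxy_root]  # chain re-signed by the inspecting proxy
TRUST_STORE = {spki_pin(public_root), spki_pin(proxy_root)}  # proxy CA installed on endpoint
APP_PINS = {spki_pin(intermediate)}  # "only trust certificates signed by this certificate"

def outcomes():
    return {
        "unpinned_direct": client_accepts(DIRECT, TRUST_STORE),
        "unpinned_intercepted": client_accepts(INTERCEPTED, TRUST_STORE),
        "pinned_direct": client_accepts(DIRECT, TRUST_STORE, APP_PINS),
        "pinned_intercepted": client_accepts(INTERCEPTED, TRUST_STORE, APP_PINS),
    }

if __name__ == "__main__":
    for name, ok in outcomes().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Only the pinned client on the intercepted path is rejected, which is the behaviour that prevents SSL interception for a pinned application.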


Dropbox can only be Enabled or Disabled for everyone. It cannot be enforced for specific users or groups.

Change the current policy that is not working to be Global for all users and groups.

Check whether Dropbox is in the SSL interception list. If it is, remove it.