MAC OS cannot connect to Apple resources after SSL interception is enabled

book

Article ID: 173666

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

When Unified Agent (UA) is installed on MAC OS, users are unable to connect to Apple resources after enabling SSL interception. 

Cannot Connect to App Store

 

Cause

Apple Inc. products and services (including apps like iTunes, iCloud, App Store, etc.) uses certificate pinning. Basically, they only work if the client is connecting to them along with the specific Apple Inc. SSL public key, and if you are using Web Security Service (WSS) with SSL interception enabled, this can cause some issues with the access to those services.

 

Environment

Web Security Service

MAC OS

Resolution

To solve this issue, bypass SSL Interception for the following destination URLs: 

  1. Apple.com
  2. mzstatic.com

Instructions how to add domains to SSL interception list can be found here