search cancel

MAC OS cannot connect to Apple resources after SSL interception is enabled

book

Article ID: 173666

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

When WSS Agent (WSSA) is installed on MAC OS, users are unable to connect to Apple resources after enabling SSL interception. 

Cannot Connect to App Store.

 

Environment

Web Security Service.

MAC OS.

WSS Agent.

Cause

Apple Inc. products and services (including apps like iTunes, iCloud, App Store, etc.) uses certificate pinning. Basically, they only work if the client is connecting to them along with the specific Apple Inc. SSL public key, and if you are using Web Security Service (WSS) with SSL interception enabled, this can cause some issues with the access to those services.

 

Resolution

To solve this issue, bypass SSL Interception for the following destination URLs: 

  1. Apple.com
  2. mzstatic.com

Instructions how to add domains to SSL interception list can be found here