MAC OS cannot connect to Apple resources after SSL interception is enabled
search cancel

MAC OS cannot connect to Apple resources after SSL interception is enabled

book

Article ID: 173666

calendar_today

Updated On: 02-04-2025

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

  • When WSS Agent (WSSA) is installed on MAC OS, users are unable to connect to Apple resources after enabling SSL interception. 
  • Cannot Connect to App Store.
  • Receiving the following macOS installer error when trying to upgrade MAC OS

 

Environment

Web Security Service

MAC OS

WSS Agent (WSSA)

SSL Interception

Cause

Apple Inc. products and services (including apps like iTunes, iCloud, App Store, etc.) use certificate pinning. They only work if the client is connecting to them along with the specific Apple Inc. SSL public key, and if you are using Cloud SWG (WSS) with SSL interception enabled, this can cause some issues with the access to those services.

 

Resolution

To solve this issue, bypass SSL Interception for the destination URLs for your particular issue.

The list of domains from apple can be found here.

Instructions how to add domains to SSL interception list can be found here