search cancel

Web Security Service SSL Root Certificate Deployment for Guest Network


Article ID: 175305


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Guests or visitors joining a guest network are not able to browse to HTTPS sites while protected by Web Security Service (WSS).

Guests that are connected to a guest network are receiving browser errors while protected by WSS and attempting to browse to HTTPS sites. 


Web Security Service 


The machine does not have the Web Security Service Cloud Root Certificate installed in the Trusted Root Certificate Authorities directory. 


Exempt the guest network or subnet from SSL Interception

  1. In the WSS portal, navigate to Service -> Network -> SSL Interception -> SSL Interception Policy.
  2. Add a rule with the network subnet as the Source.
  3. Select Do Not Intercept as the Verdict.

Note! This will exempt the network from SSL Interception and some WSS features and policy will not apply correctly.

Alternatively, guests can install the Cloud Root Certificate into the Trusted Root Certificate Authorities directory. It is up to the organization to decide the method of downloading and distributing the certificate to the guest users. 

Additional Information:

See About Scanning Encrypted Traffic 

See Install Encrypted Traffic Certificates

See Enable SSL interception in Web Security Service