search cancel

Web Security Service SSL Root Certificate Deployment for Guest Network

book

Article ID: 175305

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Guests or visitors joining a guest network are not able to browse to HTTPS sites while protected by Web Security Service (WSS).

Guests that are connected to a guest network are receiving browser errors while protected by WSS and attempting to browse to HTTPS sites. 

Environment

Web Security Service 

Cause

The machine does not have the Web Security Service Cloud Root Certificate installed in the Trusted Root Certificate Authorities directory. 

Resolution

Exempt the guest network or subnet from SSL Interception

  1. In the WSS portal, navigate to Service -> Network -> SSL Interception -> SSL Interception Policy.
  2. Add a rule with the network subnet as the Source.
  3. Select Do Not Intercept as the Verdict.

Note! This will exempt the network from SSL Interception and some WSS features and policy will not apply correctly.

Alternatively, guests can install the Cloud Root Certificate into the Trusted Root Certificate Authorities directory. It is up to the organization to decide the method of downloading and distributing the certificate to the guest users. 

Additional Information:

See About Scanning Encrypted Traffic 

See Install Encrypted Traffic Certificates

See Enable SSL interception in Web Security Service