Unable to Access Google Cloud API using WSSA

Article ID: 210288

Products

Web Security Service - WSS

Issue/Introduction

After logging in to Google Cloud, any gcloud command-line request fails with the following error:

ERROR: gcloud crashed (SSLError): HTTPSConnectionPool(host='compute.googleapis.com', port=443): Max retries exceeded with url: /batch/compute/v1 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)')))

We tried appending the WSS certificate to the Java cacerts file on the host, but the issue persisted.

We also tried bypassing compute.googleapis.com from WSS, and the issue still occurred.

Cause

SSL handshakes to some dependent Google domains failed due to certificate pinning. As soon as the WSS SSL-inspected certificate was sent down, the client generated an SSL alert message.

Resolution

Added the following domains to the SSL inspection bypass list:

cloudproxy.app
tunnel.cloudproxy.app
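
To confirm which hosts are still being SSL-inspected after changing the bypass list, the following added example (not part of the original article and not Broadcom or Google code) reads each host's leaf certificate issuer and classifies it. The issuer string "Example Inspection CA" and the sample certificates are constructed placeholders.

```python
import socket
import ssl

# Assumption: text found in the issuer of certificates minted by the inspecting
# proxy. Placeholder value; replace with your WSS inspection CA's issuer name.
INSPECTION_ISSUER_HINT = "Example Inspection CA"

def issuer_name(cert):
    """Flatten the 'issuer' field of an ssl.getpeercert() dict into one string."""
    return ", ".join(f"{k}={v}" for rdn in cert.get("issuer", ()) for k, v in rdn)

def is_inspected(cert, hint=INSPECTION_ISSUER_HINT):
    """True when the leaf certificate was issued by the inspection CA."""
    return hint.lower() in issuer_name(cert).lower()

def fetch_cert(host, port=443, extra_ca=None, timeout=5):
    """Handshake with full verification and return the leaf certificate dict.
    extra_ca: PEM file with the inspection root, trusted in addition to the
    system store so an intercepted chain can be read instead of rejected."""
    ctx = ssl.create_default_context()
    if extra_ca:
        ctx.load_verify_locations(cafile=extra_ca)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(hosts, fetch=fetch_cert):
    """Map each host to 'inspected', 'bypassed' or 'error: <exception class>'."""
    report = {}
    for host in hosts:
        try:
            cert = fetch(host)
        except (ssl.SSLError, OSError) as exc:
            # SSLCertVerificationError here is the failure gcloud reported.
            report[host] = f"error: {type(exc).__name__}"
        else:
            report[host] = "inspected" if is_inspected(cert) else "bypassed"
    return report

# Constructed sample certificates (not captured from a real network).
SAMPLE = {
    "compute.googleapis.com": {"issuer": ((("commonName", "Example Inspection CA"),),)},
    "tunnel.cloudproxy.app": {"issuer": ((("commonName", "Example Public CA"),),)},
}

if __name__ == "__main__":
    # Offline demo on the constructed data; drop fetch= for live handshakes.
    for host, state in audit(SAMPLE, fetch=SAMPLE.__getitem__).items():
        print(f"{host}: {state}")
```

A host reported as "bypassed" is presenting a certificate that was not issued by the inspection CA, which is the state a certificate-pinning client needs.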