Unable to access app.blackduck.com with WSS agent enabled
search cancel

Unable to access app.blackduck.com with WSS agent enabled


Article ID: 214204


Updated On:


Cloud Secure Web Gateway - Cloud SWG


WSS agent 7.3.1 running on Windows 10 workstation

Users can access internet without issues

Users getting following error while accessing broadcom.app.blackduck.com (broadcom added to mask organisational name*) via WSS.

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

When WSS agent disabled, all works fine.

SSL inspection bypass added for blackduck.com and app.blackduck.com domains but still having issue.


WSS Agent 7.3.1 (can happen with all versions)

Windows 10 OS


Certificate pinning enabled on java based application

Although browser shows access to Blackduck domains, it also accesses other domains in background such as sig-repo.synopsys.com

When these are inspected by WSS, the client application throws an SSL/TLS alert


Add SSL inspection bypass for sig-repo.synopsys.com domain.

Additional Information

HAR file may not b available if a thick client is running, but could use Fiddler instead.

HAR file/Fiddler will show what domains user is going to.

After getting Symdiag output and extracting InTunnel PCAP, check all SSL handshaked sessions to the domains from HAR file, and identify failing ones. These need to be added to SSL inspection bypass.