Google thick clients for Desktop fails through Cloudsoc


Article ID: 220455


Updated On:


CASB Gateway


Google's thick clients like Google Drive for Desktop or Google Chat, fail when passing through Cloudsoc (or WSS).




The main reason is the certificate pinning, where those agents are shipped with a predefined trust store. 

The gateway traffic needs to be intercepted using an emulated certificate for inspection and processing which causes the SSL handshake to fail since the certificates used for Cloudsoc or WSS are not defined on those agents.


Gateway traffic through WSS on any deployment (WSS Agent, or Proxy chaining)


Google offers a list of registry keys to change the default behavior,

to give an example, here are a few helpful keys for Google Drive:

key path: HKEY_LOCAL_MACHINE\Software\Google\DriveFS

Keys to be used:

TrustedRootCertsFile (string) : using this key, Google Drive can be configured to trust the root certificate of WSS. download the certificate and add the path here

DisableSSLValidation (DWORD): another option to explore is to disable the SSL validation altogether, this key can be used in labs for testing and QA though it is not recommended in production, it is an insecure solution and can open up the environment for security issues.

Additional Information