Untrusted SSL Server Certificate warning seen when Web Isolation "Pass" rule is matched

Article ID: 236677


Products

Web Isolation Cloud

Issue/Introduction

Sites added to Web Isolation with the action set to Pass result in an SSL server certificate validation error, as shown below. Removing the site in question from the same isolation bypass (Pass) rule resolved the error. This issue happens on all sites.

Environment

This is specific to user traffic forwarded from WSS to Web Isolation Cloud that matches a "Pass" rule.

Cause

The "Pass" action neither terminates SSL traffic nor emulates the client certificate. As a result, Web Isolation (WI) returns the original OCS certificate to WSS.

As of this writing, WSS trusts only some specific certificates coming from WI, hence the warning.

Resolution

Use the "Inspect" action instead of "Pass". This allows for SSL termination and client certificate emulation, which in turn avoids the warning.

Another option is to bypass this traffic at WSS so that it is never forwarded to WI, which avoids sending traffic to WI unnecessarily only to have it bypassed there.