While running the API call in SAP Intelligent RPA Portal, users report "local issuer certificate error" when the WSS Agent is running as shown below
When disabling the WSS Agent, the script works fine
Tried to bypass SSL inspection for a number of domains but problem persists
WSS Agent
SAP Intelligent RPA Web Application
Certificate pinning issue with SAP Application
CASB Gatelet enabled for some of the domains being SSL intercepted, making standard solution to these types of problems more difficult
A number of potential solutions exist for this problem but ultimately ended up bypassing SSL inspection and CASB for accounts.google.com when users part of a local developer group.
;; Tab: [SEA Force SSL Disable Accounts Google]
<SSL-Intercept> condition=Google_Accounts_SSL policy.BC_UPE_Set_ssl_forward_proxy_issuer_keyring
condition=Google_Accounts ssl.forward_proxy(no)
define condition BC_Elastica_SSL_Exempt
url.domain=accounts.google.com
end
define condition Google_Accounts
url.domain=accounts.google.com
end
define condition Google_Accounts_SSL
group='SG-US DLP Symantec UG7'
end
Other options include the following:
1. Can the SAP Application be configured to accept the SSL certificate returned by WSS - options exist on the SAP side which would disable certificate pinning
2. Use SAP thick client application instead of Web based, so that an Application level bypass can be done on the WSS side
3. Add a protocol detection bypass for the accounts.google.com IP address and apply it to subset of users. This is slightly more aggressive than the option customer went with above, but also works.
Oth