While running the API call in SAP Intelligent RPA Portal, users report "local issuer certificate error" when the WSS Agent is running as shown below

When disabling the WSS Agent, the script works fine

Tried to bypass SSL inspection for a number of domains but problem persists 

A number of potential solutions exist for this problem but ultimately ended up bypassing SSL inspection and CASB for accounts.google.com when users part of a local developer group.

;; Tab: [SEA Force SSL Disable Accounts Google]

<SSL-Intercept> condition=Google_Accounts_SSL policy.BC_UPE_Set_ssl_forward_proxy_issuer_keyring
condition=Google_Accounts ssl.forward_proxy(no)
define condition BC_Elastica_SSL_Exempt
url.domain=accounts.google.com
end

define condition Google_Accounts
url.domain=accounts.google.com
end

define condition Google_Accounts_SSL
group='SG-US DLP Symantec UG7'
end

Other options include the following:

1. Can the SAP Application be configured to accept the SSL certificate returned by WSS - options exist on the SAP side which would disable certificate pinning

2. Use SAP thick client application instead of Web based, so that an Application level bypass can be done on the WSS side

3. Add a protocol detection bypass for the accounts.google.com IP address and apply it to subset of users. This is slightly more aggressive than the option customer went with above, but also works.