"SSL connect error" during application installation if WSS Agent is active
search cancel

"SSL connect error" during application installation if WSS Agent is active


Article ID: 253532


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Screencast-O-Matic software cannot be installed with WSS Agent active. On the WebLaunchRecorder.exe execution, the installer tries to download the content and the following error appears:

The software installs correctly when WSS Agent is disabled



Cloud Secure Web Gateway (Cloud SWG) - formerly Web Security Service


Application has certificate pinning enabled, where it expects the SSL certificate from the SSL handshake to be that of the origin server, and not the WSS intercepted one.

Installer connects to screencast-o-matic.com domain to download further content. It requires original SSL certificate in order to proceed. When the "SSL connect error" appears it means that the domain doesn't trust the WSS certificate which is intercepting the connection.

This can be seen in the packet capture when logging in-tunnel traffic of WSS Agent - Broadcom's certificate generates warning:


Domain screencast-o-matic.com needs to be bypassed from SSL interception:
1. If policies are managed in WSS Portal:
Add the following rule into "Policy > TLS/SSL Interception" and Activate the Policy:

2. If policies are managed via Management Center (UPE):
Add the following code into CPL layer:
#if enforcement=wss
url.domain=screencast-o-matic.com ssl.forward_proxy(no)