"Error code: ERR_CERT_AUTHORITY_INVALID (-202)" is observed for Isolated web sites.

Article ID: 391501

Products

Web Isolation Cloud

Issue/Introduction

The following error is observed when particular web sites are isolated by Web Isolation Cloud. For example, www.transunion.co.uk is affected by the issue.

Your connection is not private

Attackers might be trying to steal your information from www.transunion.co.uk
(for example: passwords, messages, or credit cards).

Error code: ERR_CERT_AUTHORITY_INVALID (-202)

 

Cause

The default trusted CA certificates in Web Isolation are dictated by the maintainers of Chromium. The list of CA certificates that are trusted by default depends on the Chromium version used in the TIE gateways.

Resolution

Root and intermediate certificates should be imported into the Web Isolation certificate store. To do so, follow the steps below:

1. Open the affected web site using direct Internet access and verify the Certificate Hierarchy for the site. Make sure the certificates are valid and issued by well-known certificate authorities.

2. Download the root and intermediate certificates in the chain from the root certificate authorities' sources. The root and intermediate certificates for the web site www.transunion.co.uk are available at the links below.

Entrust OV TLS Issuing RSA CA 1:
http://cert.ssl.com/Entrust-OVTLS-I-R1.cer

SSL.com TLS RSA Root CA 2022:
https://ssl.com/repo/certs/SSLcom-TLS-Root-2022-RSA.pem

Note: To import certificates into the WI certificate root store, each certificate should be converted to the ".pem" format. Below is an example of converting ".cer" to ".pem" using the openssl utility:

openssl x509 -inform der -in certificate.cer -outform pem -out certificate.pem

3. Import the root and intermediate certificates into WI under the WI GUI console -> System Configuration -> Trusted Certificates -> NEW TRUSTED CERTIFICATE.

4. Push settings once the certificates are added, and clear the browser cache before verifying the changes.
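
A pre-import check for the files handled in steps 2 and 3, added here as an example (it is not part of the original article or the product): it converts each file to PEM, confirms both are unexpired CA certificates, prints their SHA-256 fingerprints, and verifies that the intermediate chains to the root. The function names, the script name and the output directory are assumptions; the only tool used is the openssl utility already shown above.

```sh
#!/bin/sh
# Added example: convert downloaded CA files to PEM and check them before import.

# to_pem IN OUT: write IN to OUT as PEM, whether IN is DER (.cer) or already PEM.
to_pem() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        openssl x509 -inform pem -in "$1" -outform pem -out "$2"
    else
        openssl x509 -inform der -in "$1" -outform pem -out "$2"
    fi
}

# is_ca PEM: succeed only if basicConstraints marks the certificate as a CA.
is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

# not_expired PEM: succeed only if notAfter is still in the future.
not_expired() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null; }

# fingerprint PEM: print the SHA-256 fingerprint, to compare with the value
# the issuing CA publishes (assumed to be obtained over a separate channel).
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# chain_ok ROOT_PEM INT_PEM: succeed only if openssl verify accepts the
# intermediate when ROOT_PEM is supplied as the -CAfile trust anchor.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# check_pair ROOT_IN INT_IN OUTDIR: convert both files, then run every check.
check_pair() {
    mkdir -p "$3" || return 1
    to_pem "$1" "$3/root.pem" && to_pem "$2" "$3/intermediate.pem" || return 1
    for c in "$3/root.pem" "$3/intermediate.pem"; do
        is_ca "$c" || { echo "not a CA certificate: $c" >&2; return 1; }
        not_expired "$c" || { echo "expired: $c" >&2; return 1; }
        echo "$c sha256 $(fingerprint "$c")"
    done
    chain_ok "$3/root.pem" "$3/intermediate.pem" ||
        { echo "intermediate does not chain to root" >&2; return 1; }
}

# Example call with the two files linked above (script and OUTDIR names are
# placeholders):
#   sh check.sh SSLcom-TLS-Root-2022-RSA.pem Entrust-OVTLS-I-R1.cer ./wi-import
if [ "$#" -eq 3 ]; then check_pair "$@"; fi
```

The intermediate link above is served over plain HTTP, so compare the printed fingerprint with the one the CA publishes before importing the file.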