"SSL: CERTIFICATE_VERIFY_FAILED" error appears when reaching 3rd party (Azure CLI, Google SDK, or any other) when traffic is going via WSS Agent.

With the agent disabled, the connections is fine with no errors.

The traffic is SSL intercepted and Cloud SWG SSL certificate is not trusted by a 3rd party.

The solution is to add the Cloud SWG root certificate into the 3rd party cert store. Contacting the 3rd party documentation or support may be necessary.

On the Cloud SWG side there are 2 possible workarounds:

1. Disable SSL interception for that domain - so the original 3rd party certificate will be used and there will not be SSL conflict
2. Bypass the domain from Cloud SWG - least recommended as there is no security control over the bypassed traffic