Users accessing internet sites successfully via Cloud SWG using Proxy forwarding access method.

A handful of developers are using Browserstack for testing apps, and when these users try to connect to Browserstack through the on premise proxy, the following error is reported back:

WSS Endpoint: wss://cdp.browserstack.com/playwright?caps={"b...
Connection failed: browserType.connect: WebSocket error: connect ETIMEDOUT #.#.#.#:443
Call log:
  - <ws connecting> wss://cdp.browserstack.com/playwright
  - <ws error> wss://cdp.browserstack.com/playwright error connect ETIMEDOUT #.#.#.#:443
  - <ws connect error> wss://cdp.browserstack.com/playwright connect ETIMEDOUT #.#.#.#:443
  - <ws disconnected> wss://cdp.browserstack.com/playwright code=1006 reason=

Although the error references WSS (secure web socket), other Web socket applications work correctly in the same environment.

Disabling SSL interception for the domain worked around the issue, but interception is a requirement for these domains.

BrowserStack thick Application.

Cloud SWG.

Edge SWG.

Application SSL certificate validation failure.

The issue was triggered by certificate pinning on the BrowserStack application. 

To fix the issue, we converted the SSL interception certificate into .pem files that was added to a .pem bundle and referenced via the NODE_EXTRA_CA_CERTS variable.

For more details on the instructions, check out this link.