Difference between revisions of "SSL Decryption Exceptions"

From Notes_Wiki
(Created page with "Home > Enterprise security devices or applications > Paloalto firewall > SSL Decryption Exceptions ==Introduction== If the SSL Decryption is enabled for WAN traffic a few mobile applications such as Google Play Store, YouTube, PhonePe, Netflix, etc. or applications common to both system and mobiles such as Zoom, etc. or a few websites such as IRCTC Login, etc might seem inconsistent or broken because of either certificate pinning, anti-bot mech...")
 
 
(2 intermediate revisions by the same user not shown)
Line 2: Line 2:


==Introduction==
==Introduction==
If the SSL Decryption is enabled for WAN traffic a few mobile applications such as Google Play Store, YouTube, PhonePe, Netflix, etc. or applications common to both system and mobiles such as Zoom, etc. or a few websites such as IRCTC Login, etc might seem inconsistent or broken because of either certificate pinning, anti-bot mechanism, broken certificate chain.
If SSL Decryption is enabled for WAN traffic, certain mobile applications (such as Google Play Store, YouTube, PhonePe, Netflix), applications common to both systems and mobile devices (such as Zoom), or specific websites (such as IRCTC login) may appear inconsistent or malfunction. This can occur due to certificate pinning, anti-bot mechanisms, or broken certificate chains.


For these application, websites to work even if SSL Decryption is enabled a few exceptions should be added.
To ensure these applications and websites function correctly even with SSL Decryption enabled, specific exceptions should be configured.


This article will guide the resolution steps that should be followed to mitigate the issue or steps should be followed to restore the working of applications and websites as expected
This article provides the resolution steps to mitigate such issues and restore the expected functionality of affected applications and websites.


==Please refer to the table below for the issues and their resolution steps: -==
==Please refer to the table below for the issues and their corresponding resolution steps:==


{| class="wikitable" border="1" style="border-collapse: collapse;"
{| class="wikitable" border="1" style="border-collapse: collapse;"
Line 15: Line 15:
! <h4> '''Resolution'''
! <h4> '''Resolution'''
|-
|-
| 1
| style="text-align:center;" | 1
| style="text-align:center;" | Google Play Store
| style="text-align:center;" | Google Play Store
| Add the following URLs to a URL Category and include it in the SSL Decryption Exception policy: -<br>
| Add the following URLs to a URL Category and include it in the SSL Decryption Exception policy: -<br>
Line 26: Line 26:
*'''android.clients.google.com'''
*'''android.clients.google.com'''
|-
|-
| 2
| style="text-align:center;" | 2
| style="text-align:center;" | IRCTC Login
| style="text-align:center;" | IRCTC Login
| Add the following URLs to a URL Category and include it in the SSL Decryption Exception policy:<br>
| Add the following URLs to a URL Category and include it in the SSL Decryption Exception policy:<br>
Line 32: Line 32:
*'''*.irctc.co.in'''
*'''*.irctc.co.in'''
|-
|-
| 3
| style="text-align:center;" | 3
| style="text-align:center;" | Jio Cinema Mobile Application
| style="text-align:center;" | Jio Cinema Mobile Application
| Add '''*.jiocinema.com''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
| Add '''*.jiocinema.com''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
|-
|-
| 4
| style="text-align:center;" | 4
| style="text-align:center;" | Ollama Pull
| style="text-align:center;" | Ollama Pull
| Add FQDN object '''r2.cloudflarestorage.com''' to the SSL Decryption Exception policy
| Add FQDN object '''r2.cloudflarestorage.com''' to the SSL Decryption Exception policy
|-
|-
| 5
| style="text-align:center;" | 5
| style="text-align:center;" | PhonePe Mobile Application
| style="text-align:center;" | PhonePe Mobile Application
| Add '''*.phonepe.com''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
| Add '''*.phonepe.com''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
|-
|-
| 6
| style="text-align:center;" | 6
| style="text-align:center;" | Rapido Mobile Application
| style="text-align:center;" | Rapido Mobile Application
| Add '''*.rapido.bike''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
| Add '''*.rapido.bike''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
|-
|-
| 7
| style="text-align:center;" | 7
| style="text-align:center;" | Uber Mobile Application
| style="text-align:center;" | Uber Mobile Application
| Add '''*.uber.com''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
| Add '''*.uber.com''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
|-
|-
| 8
| style="text-align:center;" | 8
| style="text-align:center;" | YouTube Mobile Application
| style="text-align:center;" | YouTube Mobile Application
| Add '''*.googlevideo.com''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
| Add '''*.googlevideo.com''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
|-
|-
| 9
| style="text-align:center;" | 9
| style="text-align:center;" | Zomato Mobile Application
| style="text-align:center;" | Zomato Mobile Application
| Add '''*.zomato.com''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
| Add '''*.zomato.com''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
|-
|-
| 10
| style="text-align:center;" | 10
| style="text-align:center;" | Zoom Application
| style="text-align:center;" | Zoom Application
| Add '''*.zoom.us''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
| Add '''*.zoom.us''' as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)

Latest revision as of 10:15, 17 October 2025

Home > Enterprise security devices or applications > Paloalto firewall > SSL Decryption Exceptions

Introduction

If SSL Decryption is enabled for WAN traffic, certain mobile applications (such as Google Play Store, YouTube, PhonePe, Netflix), applications common to both systems and mobile devices (such as Zoom), or specific websites (such as IRCTC login) may appear inconsistent or malfunction. This can occur due to certificate pinning, anti-bot mechanisms, or broken certificate chains.

To ensure these applications and websites function correctly even with SSL Decryption enabled, specific exceptions should be configured.

This article provides the resolution steps to mitigate such issues and restore the expected functionality of affected applications and websites.

Please refer to the table below for the issues and their corresponding resolution steps:

S.No.

Issues

Resolution

1 Google Play Store Add the following URLs to a URL Category and include it in the SSL Decryption Exception policy: -
  • *.play.google.com
  • play.google.com
  • *.ggpht.com
  • *.googleapis.com
  • *.gvt1.com
  • *.googleusercontent.com
  • android.clients.google.com
2 IRCTC Login Add the following URLs to a URL Category and include it in the SSL Decryption Exception policy:
  • www.irctc.co.in
  • *.irctc.co.in
3 Jio Cinema Mobile Application Add *.jiocinema.com as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
4 Ollama Pull Add FQDN object r2.cloudflarestorage.com to the SSL Decryption Exception policy
5 PhonePe Mobile Application Add *.phonepe.com as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
6 Rapido Mobile Application Add *.rapido.bike as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
7 Uber Mobile Application Add *.uber.com as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
8 YouTube Mobile Application Add *.googlevideo.com as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
9 Zomato Mobile Application Add *.zomato.com as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
10 Zoom Application Add *.zoom.us as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)

Home > Enterprise security devices or applications > Paloalto firewall > SSL Decryption Exceptions

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=SSL_Decryption_Exceptions&oldid=9647"