SSL Decryption Exceptions

From Notes_Wiki
Revision as of 10:10, 17 October 2025 by Aradhya (talk | contribs) (Created page with "Home > Enterprise security devices or applications > Paloalto firewall > SSL Decryption Exceptions ==Introduction== If the SSL Decryption is enabled for WAN traffic a few mobile applications such as Google Play Store, YouTube, PhonePe, Netflix, etc. or applications common to both system and mobiles such as Zoom, etc. or a few websites such as IRCTC Login, etc might seem inconsistent or broken because of either certificate pinning, anti-bot mech...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Home > Enterprise security devices or applications > Paloalto firewall > SSL Decryption Exceptions

Introduction

If the SSL Decryption is enabled for WAN traffic a few mobile applications such as Google Play Store, YouTube, PhonePe, Netflix, etc. or applications common to both system and mobiles such as Zoom, etc. or a few websites such as IRCTC Login, etc might seem inconsistent or broken because of either certificate pinning, anti-bot mechanism, broken certificate chain.

For these application, websites to work even if SSL Decryption is enabled a few exceptions should be added.

This article will guide the resolution steps that should be followed to mitigate the issue or steps should be followed to restore the working of applications and websites as expected

Please refer to the table below for the issues and their resolution steps: -

S.No.

Issues

Resolution

1 Google Play Store Add the following URLs to a URL Category and include it in the SSL Decryption Exception policy: -
  • *.play.google.com
  • play.google.com
  • *.ggpht.com
  • *.googleapis.com
  • *.gvt1.com
  • *.googleusercontent.com
  • android.clients.google.com
2 IRCTC Login Add the following URLs to a URL Category and include it in the SSL Decryption Exception policy:
  • www.irctc.co.in
  • *.irctc.co.in
3 Jio Cinema Mobile Application Add *.jiocinema.com as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
4 Ollama Pull Add FQDN object r2.cloudflarestorage.com to the SSL Decryption Exception policy
5 PhonePe Mobile Application Add *.phonepe.com as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
6 Rapido Mobile Application Add *.rapido.bike as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
7 Uber Mobile Application Add *.uber.com as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
8 YouTube Mobile Application Add *.googlevideo.com as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
9 Zomato Mobile Application Add *.zomato.com as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)
10 Zoom Application Add *.zoom.us as a Certificate Exception in the SSL Decryption Exclusion (Device -> Certificate Management)

Home > Enterprise security devices or applications > Paloalto firewall > SSL Decryption Exceptions

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=SSL_Decryption_Exceptions&oldid=9640"