SSL Errors
SSL inspection can sometimes break applications that rely on SSL encryption to function correctly. The underlying reasons vary and include certificate validation issues, hard-coded IP addresses and domains, and application-specific SSL configurations.
Unlike other products, dope.swg does not expect admins to work out what needs to be bypassed from inspection to get an application to work. At dope.security we have implemented an SSL error reporting feature. With this feature, the dope.endpoint detects any application and URL that is breaking on the device. It then reports this to the dope.cloud, where the admin can add the required application or URL to the bypass list with a single click.
When an SSL error happens on a dope.endpoint, the endpoint will send the combination of the application and the URL affected by the error. This can then be seen as a new notification in the notification view. When there’s a new SSL error notification for an admin to view, the notification icon will be updated.
Once the admin selects the notification icon, they will see the notification view with the errors split into “By App” and “By URL.” This allows the admin to decide how they want to fix the SSL problem. It is possible to bypass the entire application, which means all traffic from the application would be bypassed. Or, if the admin does not want to bypass the entire application, they can bypass based on URL.
Selecting the “By App” view shows a list of applications that have reported SSL errors. As well as listing the applications, it's also possible to see the URLs associated with the application’s SSL error. This visibility will help the admin decide if they should add the application or the URL(s) to the bypass list.
To bypass an application, all an admin must do is select one or many applications using the checkbox.
Once an application selection is made, a button to add the application to all bypass lists will appear.
Selecting the “Bypass for all policies” button will add the checked application(s) to all policies in your dope.swg tenant.
Once an application is added to the Bypass list, it will no longer be seen in the notifications view unless it is removed from the Bypass list.
Admins can only bypass applications from this view. They cannot bypass URLs.
Selecting the “By URL” view shows a list of each URL that has reported SSL errors. As well as displaying each URL, the view groups the URLs by Top Level Domain (TLD). This parent grouping allows the admin to bypass the TLD instead of each URL individually.
To bypass a TLD or an individual URL, an admin only needs to select either the TLD or the individual URL.
Once the admin makes their selection, a button to add the selected TLD or URL to all bypass lists will appear.
Selecting the “Bypass for all policies” button will add the checked TLD or URL to all policies in your dope.swg tenant.
Once a URL is added to the Bypass list, it will no longer be seen in the notifications view unless it is removed from the Bypass list.
Selecting the (parent) TLD will result in all its child URLs being selected. However, only the TLD will be added to the Bypass list.
If an admin chooses not to act on a URL or an application, then its alert will remain in the notifications view for 7 days. After this time, the alert will be removed and not shown again.
By hovering over the user icon it is possible to see which users have reported the issue.