LogoLogo
  • Introducing dope.swg
    • Changing the Rules...
    • Quick Start Guide
      • Create a dope.swg Account
      • Get Started with the dope.endpoint
      • Import User and Group Data
      • Create a dope.swg Web Policy
    • Mitre ATT&CK and Nist CSF
  • dope.console
    • Analytics
      • Overview dashboard
      • Policy View
      • Productivity
      • Shadow IT
      • Detail View
    • dope.swg Policy
      • Editing the Base Policy
      • Adding Policy Exceptions
      • Assigning a Block Page
      • Creating Custom Categories
      • URL Bypass List
      • Application Bypass List
      • Default Bypass List
      • Cloud Application Control (CAC)
        • Microsoft O365
        • Google
        • Box
        • Salesforce
        • Dropbox
        • Slack
        • WebEx
      • Custom Policy
      • Policy Assignment
      • Policy Inheritance and Customization
    • CASB Neural
      • Microsoft 365 - Authentication
      • Google - Authentication
      • CASB DLP
        • DLP Files Table
    • Endpoint Manager View
      • Searching the View
      • Filtering and Sorting the Endpoint View
      • Endpoint Count
      • Running Diagnostics
      • Disable Endpoint
    • Settings
      • General
      • Block Pages
      • Endpoints
      • Users
        • Importing from Google
        • Why not SAML & SCIM?
      • Audit Log
      • SIEM Integration
        • Category & Verdict Mappings
      • API Client Credentials
      • Billing Details
    • Notifications
      • SSL Errors
  • dope.endpoint
    • Trusted Process Names
    • Generate Diagnostics
    • Disable Endpoint
    • Installing using MDM on Mac
      • Using JAMF
      • Using Kandji
      • Using Intune
    • Installing using Intune on Win
    • Mac Installer
      • Installation Process - Silent
      • Uninstall
      • Endpoint Authentication
    • Windows Installer
      • Installation Process - Silent
      • Uninstall
      • Endpoint Authentication
    • dope.endpoint UI
      • Windows UI
      • macOS UI
    • Automatic Updates
  • Release Notes
  • DOPE.APIs
    • Public API Specification
Powered by GitBook
On this page
  • How does it work?
  • By App View
  • Bypassing an Application
  • By URL View
  • Bypassing a URL
  1. dope.console
  2. Notifications

SSL Errors

PreviousNotificationsNextTrusted Process Names

Last updated 1 year ago

SSL inspection can sometimes cause issues and break some applications that rely on SSL encryption to function correctly. There can be different underlying reasons for breaking applications, which include certificate validation issues, hard-coded IP addresses and domains, and application-specific SSL configurations.

Unlike other products dope.swg does not expect admins to work out what needs to be bypassed from inspection to get an application to work. At dope.security we have implemented a SSL error reporting feature. With this feature the dope.endpoint detects any application and URL that is breaking on the device. It then reports this to the dope.cloud where the admin can add the required application or URL to the bypass list with a single click.

How does it work?

When an SSL error happens on a dope.endpoint then the endpoint will send the combination of the application and the URL affected by the error. This can then be seen as a new notification in the notification view. When there’s a new SSL error notification for an admin to view the notification will be updated to the following icon .

Once the admin selects the notification icon they will get to see the notification view with the errors split into “By App” and “By Url.” This allows the admin to decide how he wants to fix the SSL problem. It is possible to bypass the entire application which means all traffic from the application would be bypassed. Or if the admin does not want to bypass the entire application they can bypass based on URL.

By App View

Selecting the “By App” view shows a list of applications that have reported SSL errors. As well as listing the applications, it's also possible to see the URLs associated with the application’s SSL error. This visibility will help the admin decide if they should add the application or the URL(s) to the bypass list.

Bypassing an Application

To bypass an application, all an admin must do is select one or many applications using the checkbox.

Once an application selection is made, a button to add the application to all bypass lists will appear.

Selecting the “Bypass for all policies” button will add the checked application(s) to all policies in your dope.swg tenant.

Once an application is added to the Bypass list, it will no longer be seen in the notifications view unless it is removed from the Bypass list.

Admins can only bypass applications from this view. They cannot bypass URLs.

By URL View

Selecting the “By URL” view shows a list of each URL that has reported SSL errors. As well as displaying each URL, the view groups the URLs by Top Level Domain (TLD). This parent grouping allows the admin to bypass the TLD instead of each URL individually.

Bypassing a URL

To bypass a TLD or an individual URL, an admin only needs to select either the TLD or the individual URL.

Once the admin makes their selection, a button to add the application to all bypass lists will appear.

Selecting the “Bypass for all policies” button will add the checked TLD or URL to all policies in your dope.swg tenant.

Once a URL is added to the Bypass list, it will no longer be seen in the notifications view unless it is removed from the Bypass list.

Selecting the (parent) TLD will result in all its children URLs getting selected, however, only the TLD will be added to the Bypass list.

If an admin chooses not to act on a URL or an application, then its alert will remain in the notifications view for 7 days. After this time, they will be removed and not shown again.

By hovering over the user icon it is possible to see which users have reported the issue.

SSL Errors 'By App'
Bypass Application Action
SSL Errors 'By URL'
Bypass URL Action