Dropbox, SSL Interception, and Issues when enforcing user/group based policy.
Last Updated April 08, 2019
A policy rule, created in the ThreatPulse portal editor, to block or allow Dropbox for specific users or groups does not work. A likely cause is certificate pinning.
Normally, certificates are verified/validated by inspecting the signature hierarchy:

[MyCert] → signed by [IntermediateCert] → signed by [RootCert]

where [RootCert] is listed in your computer's "Trusted Cert Store."
Certificate pinning differs in that the client ignores the hierarchy above and instead says "Trust this cert only" or "Only trust certificates signed by this certificate." For example, Windows Update Service trusts only certificates signed by Microsoft. This can effectively mitigate any risk of a compromised CA cert.
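The two checks side by side, as an added example (not vendor or Dropbox code), showing why a pinning client rejects a connection that SSL interception has re-signed even though the hierarchy check passes. It models certificates as constructed byte strings, uses issuer/subject name linkage in place of signature verification, and assumes the inspection CA is installed in the workstation's trust store; all names are hypothetical.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    der: bytes  # stand-in for the DER encoding (constructed, not a real certificate)

    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()

def chain_is_trusted(chain, trust_store):
    """Hierarchy check: each cert is issued by the next; the last is a trusted root.
    Simplification: name linkage stands in for signature verification."""
    if not chain:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    root = chain[-1]
    return root.issuer == root.subject and root.fingerprint in trust_store

def pin_matches(chain, pins):
    """Pinning check: some cert in the presented chain must be a pinned cert."""
    return any(c.fingerprint in pins for c in chain)

def client_accepts(chain, trust_store, pins=None):
    """A non-pinning client passes pins=None and relies on the hierarchy alone."""
    if not chain_is_trusted(chain, trust_store):
        return False
    return True if pins is None else pin_matches(chain, pins)

# Constructed sample data (hypothetical names).
public_root = Cert("Public Root CA", "Public Root CA", b"public-root")
public_int = Cert("Public Intermediate CA", "Public Root CA", b"public-int")
origin_leaf = Cert("service.example", "Public Intermediate CA", b"origin-leaf")
proxy_root = Cert("Corp Inspection CA", "Corp Inspection CA", b"corp-root")
proxy_leaf = Cert("service.example", "Corp Inspection CA", b"proxy-leaf")

DIRECT = [origin_leaf, public_int, public_root]   # no interception
INTERCEPTED = [proxy_leaf, proxy_root]            # leaf re-issued by the proxy
# Workstation trusts the public root and the admin-installed inspection root.
TRUST_STORE = {public_root.fingerprint, proxy_root.fingerprint}
# The pinning app only trusts chains containing this certificate.
APP_PINS = {public_int.fingerprint}
```

A client that relies on the trust store accepts both chains, while the pinning client accepts only `DIRECT`, so a user/group rule that depends on inspecting the session has nothing to act on.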