Web Security Service SSL Root Certificate Deployment for Guest Network
Last Updated June 28, 2019
Guests or visitors joining a guest network are not able to browse to HTTPS sites while protected by Web Security Service (WSS).
Web Security Service
Guests that are connected to a guest network are receiving browser errors while protected by WSS and attempting to browse to HTTPS sites.
The machine does not have the Web Security Service Cloud Root Certificate installed in the Trusted Root Certificate Authorities directory.
Exempt the guest network or subnet from SSL Interception
In the WSS portal, navigate to Service -> Network -> SSL Interception -> SSL Interception Policy.
Add a rule with the network subnet as the Source.
Select Do Not Intercept as the Verdict.
Note: This will exempt the network from SSL Interception and some WSS features and policy will not apply correctly.
Alternatively, guests can install the Cloud Root Certificate into the Trusted Root Certificate Authorities directory. It is up to the organization to decide the method of downloading and distributing the certificate to the guest users.