Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
170
Views
1
Helpful
3
Replies

Ssl certificate error

Vishal6
Level 3
Level 3

‎07-25-2025 01:04 AM

Hi All,

Facing an error where crowdstrike agent not able to connect to crowdstrike portal due to ssl certificate failed error. I have added the required url in allow list and decryption bypass policy, still the same issue.

Pls note: Currently im using self signed certificate for proxy traffic. Attached error for reference.

vbnet
CopyEdit
ValidateCertificate: CheckCertificate failed: e0020015  
Unable to connect to ts01-gyr-maverick.cloudsink.net:443  

 

 

Vishal6_1-1753430653013.png

 

Labels:
0 Helpful
3 Replies 3

Ken Stieers
VIP
VIP

‎07-25-2025 03:09 AM

You should put that url in bypass so that the WSA doesn't interfere with that traffic.
(Only do this with traffic you trust)


>From the user guide:

Configuring Web Proxy Bypassing for Web Requests
Procedure
Step 1

Choose Web Security Manager > Bypass Settings.

Step 2

Click Edit Bypass Settings.

Step 3

Enter the addresses for which you wish to bypass the web proxy.

Note


When you configure /0 as a subnet mask for any IP in the bypass list, the appliance bypasses all the web traffic. In this case, the appliance interprets the configuration as 0.0.0.0/0.

Step 4

Choose the Custom URL Categories that you want to add to the proxy bypass list.

Note


You cannot set the web proxy bypass for Regular Expressions.

Note


Once you add the Custom URL Categories to the proxy bypass list, all the IP addresses and the domain names of the Custom URL categories are bypassed for both the source and destination.

Step 5

Submit and commit your changes.

0 Helpful

amojarra
Cisco Employee
Cisco Employee

‎07-26-2025 08:13 AM

Hello @Vishal6 

The Steps Ken's mentioned will be applied if you are using Transparent Proxy 

in case you are using Explicit proxy, ( in which from the logs, it seems that the application is aware of the proxy), you can use this link:

https://www.cisco.com/c/en/us/support/docs/security/secure-web-appliance/222465-bypass-microsoft-updates-traffic-in-secu.html

kindly have your own custom URL category ( this article is for MS-Update) , and please be advised: 

[1] In Bypass, WSA will not touch the traffic (Ken's steps) and WSA will route the traffic to its gateway 

[2] In Passthrough (Decryption Policy WSA will have 2 sessions, one to client and one to the web-server, but it will not touch the certificates 

[3] In Allow (Access Policy): WSA will decrypt the traffic, you will see the certificate was signed by the WSA. and WSA will not scan the content.

 

going back to your concerns, that would be best to check the WSA's accesslogs to make sure the traffic is hitting the correct Policy 

 

 

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++

Vishal6
Level 3
Level 3
In response to amojarra

‎07-27-2025 10:21 AM

Hi,

Not getting logs on wsa, however when I checked on crowdstrike server got the SSL certificate error  As per your steps, it seems pass through will work here.

0 Helpful
Customers Also Viewed These Support Documents