SSL Decryption and www.apple.com

cancel
Showing results for 
Search instead for 
Did you mean: 

SSL Decryption and www.apple.com

L4 Transporter

We are testing SSL decryption and are finding that Macs are getting a certificate warning page when visiting https://www.apple.com.  The warning says "This website may be impersonating "www.apple.com" to steal your personal or financial information".  These Macs do trust our Root CA, so it's not that.  I put "www.apple.com" in the SSL Decryption Exclusion list and that resolved it.

 

Anyone know what is causing this warning? Is it certificate pinning? A couple of our Mac testers also reported that they could not download the Big Sur update over GlobalProtect(www.apple.com was not yet in the exclusion list).  Does the Palo need www.apple.com(and maybe others) added to the SSL Decryption Exclusion list in order for Mac updates to work?

1 REPLY 1

Cyber Elite
Cyber Elite

@jambulo,

If the users are using Safari they'll receive that error unless you exclude the site from decryption, if they utilize something like Chrome or Edge then you won't see that warning. 

Generally speaking there's not a lot of Apple services that support being decrypted, and I generally just recommend people bypass decryption for this traffic. Apple does a really good job publishing the exceptions that you need to create HERE

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!