How to find URLs that should not be inspected

During our POC, our technician created a bunch of URL groups (ie: “Cert-Pinning Google”) with a bunch of URLs that are in an SSL Policy to NOT be inspected.

While this works in the environment, un-inspected traffic does not allow Zscaler to inspect and report on it.

Yesterday, I removed all of these URLs (for the Google one) and after a few hours I got reports that certain apps, like Google Drive, did not work. I put them back in and am now trying to filter through Web Insight Logs to see which ones were having SSL problems.

What are the proper things I should be filtering on in order to see this?

Hello @webb1976-bf

Unfortunately, there is no easy way to find a certificate pinning issue in Insights Logs. When you have certificate pinning and a user gets to a site and the site is asking for a certificate, Zscaler will allow this all the way through; however, the retrieval of the certificate from the local certificate store on the local machine is what is failing.

Zscaler has put together a list of sites that are known to have certificate pinning issues: Certificate Pinning and SSL Inspection | Zscaler. You might want to refer to this link for exclusions.

I heard that in the next ZIA release, 6.2, a feature should be added to recognize certificate pinning from logs; however, for now the options are limited.

Kind Regards
Pavel

Hi,

We do not inspect the “Finance” and the “Government” categories, as those pages often have issues.

The others we basically found out due to “tickets and complaints”. Most often caused by fat clients / Java clients that do not use the system cert-store.

I am now noting down dates when I activate “more” of full-scale SSL Inspection… Since we even got tickets like… “does not work! - since when - 3 months ago” - and no one remembered that we activated more SSL inspections 3 months ago. :smiley:

Best regards
Andreas
