Problem
Sometimes applications fail to connect to their service providers when going through the Smoothwall web filter and HTTPS decrypt and inspect is in use. However, you can access their corresponding web services using a browser.
Certificate pinning or embedded certificates
The reason for this is that often applications are written to just connect to the specific web services. So when using HTTPS these apps use either certificate pinning or have embedded the public key of the HTTPS certificate used by the web services, in the application. This behaviour is different from browsers built to validate certificates using certificate authorities.
When going through an HTTPS decrypt policy, a new certificate is created to encrypt the traffic going from the web filter to the client, and since this means a new public key is used, applications fail to compare their embedded or pinned certificate key to the one provided by the web filter and thus the application fails the security check and rejects the traffic.
The only way around this is to bypass HTTPS decrypt and inspect for the domain that the application is trying to access. This has the side effect of the content of the requests not being inspected by the web filter, so if that's a requirement, using a browser to access the application features is needed instead.
We recommend that you read our article Knowing When You Should Bypass the Web Filter and How.