Make sure that you have granted the necessary
Identity and Access Management (IAM) permissions to the
service account
in your Google Cloud project so that it can access the Certificate Authority Service.
Verify that you have defined a valid ApplicationMatcher by using the
CEL matcher language
to correctly identify the traffic for decryption.
Check that your client devices trust the
certificate authority (CA) pool
your Secure Web Proxy instance uses; without this trust, connections can
be terminated with SSL/TLS handshake errors.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2026-02-27 UTC."],[],[]]
