The SSL Proxy can be used in explicit mode in conjunction with the HTTP Proxy or SOCKS Proxy. You must create an HTTP Proxy service or a SOCKS Proxy service and use it as the explicit proxy from desktop browsers. When requests for HTTPS content are sent to either a SOCKS proxy or an HTTP proxy, the proxy can detect the use of the SSL protocol on such connections and enable SSL Proxy functionality.
Note: HTTPS requests to ports other than port 443 that are sent to HTTP proxies are not allowed by default; to use other ports, create a policy rule permitting the specific protocol method. For example, the following policy rule allows you to use port 444:
;Example Policy to allow HTTP CONNECT request to port 444
ALLOW http.method=CONNECT url.port=444
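To confirm that a rule like the one above took effect, you can send a CONNECT request to the explicit proxy for each port and read the status line of the reply. The following is an added example, not code from the ProxySG documentation: the function names, the host example.test, and the local stub proxy (which answers 200 for allowed ports and 403 otherwise) are assumptions constructed so the check runs offline.

```python
import socket
import threading

def connect_status(proxy_host, proxy_port, target_host, target_port, timeout=5.0):
    """Send CONNECT target_host:target_port to the proxy; return the HTTP status code."""
    request = (f"CONNECT {target_host}:{target_port} HTTP/1.1\r\n"
               f"Host: {target_host}:{target_port}\r\n\r\n").encode("ascii")
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as sock:
        sock.sendall(request)
        reply = b""
        while b"\r\n" not in reply:          # only the status line is needed
            chunk = sock.recv(4096)
            if not chunk:
                break
            reply += chunk
    parts = reply.split(b"\r\n", 1)[0].decode("ascii", "replace").split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"unexpected proxy reply: {reply[:80]!r}")
    return int(parts[1])

def check_ports(proxy_host, proxy_port, target_host, ports):
    """Map each port to True if the proxy answered the CONNECT with a 2xx status."""
    return {p: 200 <= connect_status(proxy_host, proxy_port, target_host, p) < 300
            for p in ports}

def start_stub_proxy(allowed_ports):
    """Constructed stand-in for the proxy: 200 for allowed CONNECT ports, else 403."""
    server = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            try:
                conn, _ = server.accept()
            except OSError:
                return                        # listening socket was closed
            with conn:
                try:
                    conn.settimeout(2.0)
                    head = conn.recv(4096)    # a CONNECT request fits in one read here
                    port = int(head.split(b" ")[1].rsplit(b":", 1)[1])
                    line = b"200 Connection established" if port in allowed_ports else b"403 Forbidden"
                    conn.sendall(b"HTTP/1.1 " + line + b"\r\n\r\n")
                except (OSError, IndexError, ValueError):
                    pass                      # malformed or stalled client
    threading.Thread(target=serve, daemon=True).start()
    return server

if __name__ == "__main__":
    stub = start_stub_proxy({443, 444})       # mimics the policy with the port 444 rule
    print(check_ports("127.0.0.1", stub.getsockname()[1], "example.test", [443, 444, 8443]))
```

Against a real deployment, call check_ports with the address of your explicit HTTP proxy before and after installing the rule; a port that is still denied shows up as False.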
Once you have configured the required proxies, you can create an issuer keyring for SSL interception so the SSL proxy can emulate server certificates, and configure SSL policy rules. For help with each of these tasks, please refer to the following sections in the Configuration and Management Guide (CMG). Soft copies of the CMG are located at https://bto.bluecoat.com/documentation/pubs/ProxySG.
- Creating an Issuer Keyring for SSL Interception
- Configuring SSL Rules through Policy
For SGOS 5.x, please see Volume 2: Proxies and Proxy Services; Chapter 12: Managing the SSL Proxy; Section A: Intercepting HTTPS Traffic in the CMG.
For SGOS 4.x, please see Chapter 6: Configuring Proxies; Section A: Configuring Explicit Proxies; Configuring an SSL Proxy in the CMG.