Configuring the SSL Proxy in explicit mode

<< Back to Knowledge Search



Configuring the SSL Proxy in explicit mode
You want to configure SSL Proxy in explicit mode


The SSL Proxy can be used in explicit mode in collaboration with the HTTP Proxy or SOCKS Proxy. You must create an HTTP Proxy service or a SOCKS Proxy service and use it as the explicit proxy from desktop browsers. When requests for HTTPS content are sent to either a SOCKS proxy or an HTTP proxy, the proxies can detect the use of the SSL protocol on such connections and enable SSL Proxy functionality.

Note: HTTPS requests to ports other than port 443 that are sent to HTTP proxies are not allowed by default; to use other ports, create a policy rule permitting the specific protocol method. For example, the following policy rule allows you to use port 444:

;Example Policy to allow HTTP CONNECT request to port 444

ALLOW http.method=CONNECT url.port=444

Once you have configured the required proxies, you can create an issuer keyring for SSL interception so the SSL proxy can emulate server certificates, and configure SSL policy rules. For help with each of these tasks, please refer to the following sections in Configuration and Management Guide (CMG).  Soft copies of the CMG are located at .

  • Creating an Issuer Keyring for SSL Interception
  • Configuring SSL Rules through Policy

For SGOS 5.x, please see Volume 2: Proxies and Proxy Services; Chapter 12: Managing the SSL Proxy; Section A: Intercepting HTTPS Traffic in the CMG.

For SGOS 4.x, please see Chapter 6: Configuring Proxies; Section A: Configuring Explicit Proxies; Configuring an SSL Proxy in the CMG

Additional Information
Bug Number
InQuira Doc IdKB1477

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Software      SGOS 4, SGOS 5
Topic      Services, SSL / HTTPS
Article Number      000008759
Was this helpful?
Previous MonthNext Month