How to configure Secure Socket Layer (SSL) interception on an explicit proxy on ProxySG or Advanced Secure Gateway (ASG).
Note that you cannot use a regular SSL certificate from a Commercial CA that does not have certificate issuing rights.
To configure SSL interception on an Explicit proxy, the following is required.
To setup SSL interception on your Explicit proxy follow the instructions below.
1. Enable Detect Protocol in the explicit HTTP service (Configuration > Services > Proxy Services > Edit Service)
2.1 Use an existing Keyring or create a new Keyring. If you are using a Self-Signed certificate remember to distribute the Certificate to the clients as described in How to distribute root certificates to clients using Group Policy
2.2 If using an internal Microsoft PKI infrastructure see Steps to create a keyring with a certificate issued by a Microsoft Certification Authority server on how to obtain a certificate.
3. Create the SSL intercept Layer and the HTTPS Interception action, Select the correct SSL certificate created in step 2.
4. Check that you are intercepting successfully by going to an SSL page and check that the issuer is the previously created Keyring.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.