Dropbox gives "Unable to make a secure connection," and states that the time is incorrect. This happens because SSL interception is taking place.
Dropbox client software does not recognize\trust the certificate issued by the ProxySG. It is not possible to create a certificate that is trusted by the Dropbox software, as you cannot import root Ca's into Dropbox client software.
Dropbox clients uses port 443 to establish connections to various hosts that are dynamically allocated by the Dropbox hosts. For example:
These destination hosts are from various segments of the world IP, from many different countries.
The only way to work around this is to disable SSL interception on this type of traffic, in order to be able to establish SSL handshaking.
IMPORTANT NOTE: Use of Dropbox will greatly increase the amount of traffic, as it is a P2P sharing application.
Follow these steps:
In the VPM, create/edit an SSL Intercept Layer.
Create a new rule on top of the SSL Intercept Layer:
Source > Any
Destination > Set > New > Server Certificate
Hostname: > dropbox.com > Domain
Select Action > Set > Disable SSL Interception.
Install the policy.
The Dropbox client software will now be able to establish SSL connections that contain a server certificate from *.dropbox.com.
The details of this workaround are correct at the time this article was written. Future maintenance of the rule might be needed if dropbox.com changes its certification properties which is beyond the control of Blue Coat.
Imported Document ID: 000009197
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.