This feature is available starting in ASG/ProxySG versions 6.7.x and greater.
Authenticating users in a typical reverse proxy deployment involves steps such as configuring a client certificate authentication realm in SGOS and providing authentication to origin content servers (OCSs) behind the proxy using Kerberos, or forwarding specific client certificate fields to the OCS using an HTTP header. To facilitate choosing signing certificates for the client, it's possible to emulate client certificates. When this feature is enabled:
The appliance requests a certificate from the client.
If the client returns a certificate, the appliance copies the certificate attributes to a new client certificate (so that it appears to originate from the client). Emulation does not occur if the client does not return a certificate.
The appliance presents the certificate during the SSL/TLS handshake when an OCS requests a client certificate.
Please reference the 6.7 Release Notes which can be downloaded at https://support.symantec.com > Downloads > Network Protection (BlueCoat) Downloads - and navigate to the 6.7 release notes for the Proxy or ASG.
The Admin Guide also covers this topic. Find this Admin guide linked below: