Why doesn't my SGOS 5.x ProxySG appliance rule for client.certificate.requested=yes policy work all the time?
As described in FAQ893, SGOS v18.104.22.168 includes a feature "client.certificate.requested" policy for SSL proxy. However, SGOS software has limitations for this policy, as described in SGOS v5.5.x release notes:
❐ The SSL renegotiating feature causes a situation where when an IIS Server or a HTTP Server asks for the certificate, the following policy rule on the SSL Proxy will not work: client.certificate.requested=yes. The reason for this limitation is that the SSL Proxy does not run any policy rules during SSL renegotiations. The current workaround is to create a policy for these websites where SSL tunneling is set up instead of an intercept option.
For SGOS V6, SGOS V22.214.171.124 and above includes an enhancement for SSL Client Certificate Renegotiation. This enhancement negates the above limitation.
Rate this Page
Please take a moment to complete this form to help us better serve you.