Why doesn't my client.certificate.requested=yes policy work all the time?
As described in FAQ893, SGOS v184.108.40.206 includes a feature "client.certificate.requested" policy for SSL proxy. However, SGOS software has limitations for this policy, as described in SGOS v5.5.x release notes:
❐ The SSL renegotiating feature causes a situation where when an IIS Server or a HTTP Server asks for the certificate, the following policy rule on the SSL Proxy will not work: client.certificate.requested=yes. The reason for this limitation is that the SSL Proxy does not run any policy rules during SSL renegotiations. The current workaround is to create a policy for these websites where SSL tunneling is set up instead of an intercept option.
Because this is an OCS end issue, Blue Coat does not currently have a way to fix this on ProxySG.
Rate this Page
Please take a moment to complete this form to help us better serve you.