Solutions

Configuring the SSL Proxy in explicit mode

Solutions ID:    KB1477
Version:    2.0
Status:    Published
Published date:    03/02/2009
Updated:    05/27/2009
 

Problem Description

Configuring the SSL Proxy in explicit mode
You want to configure SSL Proxy in explicit mode

Resolution

The SSL Proxy can be used in explicit mode in collaboration with the HTTP Proxy or SOCKS Proxy. You must create an HTTP Proxy service or a SOCKS Proxy service and use it as the explicit proxy from desktop browsers. When requests for HTTPS content are sent to either a SOCKS proxy or an HTTP proxy, the proxies can detect the use of the SSL protocol on such connections and enable SSL Proxy functionality.

Note: HTTPS requests to ports other than port 443 that are sent to HTTP proxies are not allowed by default; to use other ports, create a policy rule permitting the specific protocol method. For example, the following policy rule allows you to use port 444:

;Example Policy to allow HTTP CONNECT request to port 444

ALLOW http.method=CONNECT url.port=444

Once you have configured the required proxies, you can create an issuer keyring for SSL interception so the SSL proxy can emulate server certificates, and configure SSL policy rules. For help with each of these tasks, please refer to the following sections in Configuration and Management Guide (CMG).  Soft copies of the CMG are located at https://bto.bluecoat.com/documentation/pubs/ProxySG .

  • Creating an Issuer Keyring for SSL Interception
  • Configuring SSL Rules through Policy

For SGOS 5.x, please see Volume 2: Proxies and Proxy Services; Chapter 12: Managing the SSL Proxy; Section A: Intercepting HTTPS Traffic in the CMG.

For SGOS 4.x, please see Chapter 6: Configuring Proxies; Section A: Configuring Explicit Proxies; Configuring an SSL Proxy in the CMG


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question