Configure Bluecoat SSL

Enabling Bluecoat To Intercept SSL traffic

By default, Bluecoat does not intercept SSL (HTTPS) connections, so the data they carry is not scanned by the ICAP server. To scan files sent over a secure connection, you can optionally configure Bluecoat to decrypt SSL connections.

How To Configure

Please refer to the Bluecoat documentation.

Limitations

  • If the ICAP server is not connected directly to Bluecoat, or is not in a private network, the connection between Bluecoat and the ICAP server is no longer secure and the decrypted data could be at risk. See "Securing access to an ICAP Server" (https://bto.bluecoat.com/sites/default/files/tech_pubs/SGOS%20Administration%20Guide_1.pdf).

  • Bluecoat needs valid SSL certificates, and the user experience could be altered by certificate notifications.

How to overcome certificate issues

  1. When creating the keyring and certificate as explained in the Bluecoat documentation, note that the Common Name "must match the ProxySG name or IP address that the client expects".

  2. After the keyring and the certificate are ready, go to Statistics → Advanced → SSL → Download a ProxySG Certificate as a CA certificate in the ProxySG Management Console.

  3. Select the previously created certificate, download it and install it in the browser in use.

  4. This certificate should be set under Proxy Settings → SSL Proxy and under the SSLInterception that was created while configuring SSL interception.
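
A pre-install check for the Common Name requirement in step 1, as an added example that is not taken from the Bluecoat documentation: it reads the Common Name of a PEM certificate with `openssl` and compares it to the name clients use for the proxy. The file names, `proxy.example.internal` and the 30-day expiry threshold are assumptions, and the sample certificate is constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not Bluecoat code): sanity-check a certificate before
# installing it in the browser. File names and the proxy name are assumptions.

# Print the subject Common Name of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Succeed only if the CN equals the name or IP address that clients use
# for the proxy (compared case-insensitively).
cn_matches_proxy() {
    local cn expected
    cn=$(cert_cn "$1" | tr '[:upper:]' '[:lower:]')
    expected=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$cn" ] && [ "$cn" = "$expected" ]
}

# Succeed only if the certificate does not expire within the next N days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run both checks and print the SHA-256 fingerprint of the checked file.
check_proxysg_cert() {
    local pem=$1 proxy=$2
    if ! cn_matches_proxy "$pem" "$proxy"; then
        echo "FAIL: CN '$(cert_cn "$pem")' does not match '$proxy'"; return 1
    fi
    if ! cert_valid_for_days "$pem" 30; then
        echo "FAIL: certificate expires within 30 days"; return 1
    fi
    echo "OK: CN matches '$proxy'"
    openssl x509 -in "$pem" -noout -fingerprint -sha256
}

# Constructed sample: a throwaway self-signed certificate standing in for
# the file downloaded from the Management Console.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

sample_dir=$(mktemp -d)
sample_pem="$sample_dir/proxysg.pem"
make_sample_cert "$sample_pem" "proxy.example.internal"
check_proxysg_cert "$sample_pem" "proxy.example.internal"
```

To check a real download, call `check_proxysg_cert` with the saved PEM file and the proxy name or IP address configured in the clients.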