Enabling Bluecoat To Intercept SSL traffic
By default SSL (HTTPS) connections are not intercepted by Bluecoat and therefore data in them are not scanned by the ICAP server. If you would like to scan files which were sent using secure connection, then you can optionally configure Bluecoat to decrypt SSL connections.
How To Configure
Please refer to bluecoat documentation.
If the ICAP server is not connected directly to Bluecoat or it is not in a private network, then the connection between Bluecoat and ICAP won't be secure anymore and the decrypted data could be in danger. (https://bto.bluecoat.com/sites/default/files/tech_pubs/SGOS%20Administration%20Guide_1.pdf "Securing access to an ICAP Server")
Valid SSL certificates are needed for Bluecoat and user experience could be altered by certification notifications.
How to overcome certificate issues
When creating a keyring and certificate explained in the Bluecoat documentation please give attention to that the Common name "must match the ProxySG name or IP address that the client expects"
After the keyring and the certificate is ready go to Statics → Advanced → SSL → Download a ProxySG Certificate as a CA certificate in ProxySG Management Console
Select the previously created certificate and download/install it to the browser in use
This certificate should be set under Proxy Settings → SSL Proxy and under the SSLInterception which was created during configuring SSL interception