Enabling Blue Coat To Intercept SSL traffic
By default SSL (HTTPS) connections are not intercepted by Blue Coat and therefore data in them are not scanned by the ICAP server. If you would like to scan files which were sent using secure connection, then you can optionally configure Blue Coat to decrypt SSL connections.
How To Configure
Please refer to Blue Coat documentation.
If the ICAP server is not connected directly to Blue Coat or it is not in a private network, then the connection between Blue Coat and ICAP won't be secure anymore and the decrypted data could be in danger. (https://symwisedownload.symantec.com/resources/sites/SYMWISE/content/live/DOCUMENTATION/11000/DOC11474/en_US/SGOSAdmin71.pdf "Securing access to an ICAP Server")
Valid SSL certificates are needed for Blue Coat and user experience could be altered by certification notifications.
How to overcome certificate issues
When creating a keyring and certificate explained in the Blue Coat documentation please give attention to that the Common name "must match the ProxySG name or IP address that the client expects"
After the keyring and the certificate is ready go to Statics → Advanced → SSL → Download a ProxySG Certificate as a CA certificate in ProxySG Management Console
Select the previously created certificate and download/install it to the browser in use
This certificate should be set under Proxy Settings → SSL Proxy and under the SSLInterception which was created during configuring SSL interception