How to configure Secure Socket Layer (SSL) interception on an explicit proxy on ProxySG or Advanced Secure Gateway (ASG).

Note that you cannot use a regular SSL certificate from a Commercial CA that does not have certificate issuing rights.

To configure SSL interception on an Explicit proxy, the following is required.

• SSL license
• Explicit proxy service with Protocol detection enabled.
• SSL certificate with issuing rights.

To setup SSL interception on your Explicit proxy follow the instructions below.

1. Enable Detect Protocol in the explicit HTTP service (Configuration > Services > Proxy Services > Edit Service)

2. Use an existing Keyring or create a new Keyring.
3. You can either use self-signed certificate or use a CA signed certificate for the interception.

4. Create the SSL intercept Layer and the HTTPS Interception action, Select the correct SSL certificate created in step 2.

4. Check that you are intercepting successfully by going to an SSL page and check that the issuer is the previously created Keyring.