Dropbox gives "Unable to make a secure connection," and states that the time is incorrect. This happens because SSL interception is taking place.

Dropbox client software does not recognize\trust the certificate issued by the ProxySG. It is not possible to create a certificate that is trusted by the Dropbox software, as you cannot import root Ca's into Dropbox client software.

Dropbox clients uses port 443 to establish connections to various hosts that are dynamically allocated by the Dropbox hosts. For example:

dl-client53.dropbox.com
dl-client223.dropbox.com
dl-client180.dropbox.com

These destination hosts are from various segments of the world IP, from many different countries.

Workaround

The only way to work around this is to disable SSL interception on this type of traffic, in order to be able to establish SSL handshaking.

IMPORTANT NOTE: Use of Dropbox will greatly increase the amount of traffic, as it is a P2P sharing application.

Follow these steps:

1. In the VPM, create/edit an SSL Intercept Layer.
2. Create a new rule on top of the SSL Intercept Layer:

Source > Any

Destination > Set > New > Server Certificate

Hostname: > dropbox.com > Domain

3. Click OK.
4. Select Action > Set > Disable SSL Interception.

5. Click OK.
6. Install the policy.

The Dropbox client software will now be able to establish SSL connections that contain a server certificate from *.dropbox.com.

The details of this workaround are correct at the time this article was written. Future maintenance of the rule might be needed if dropbox.com changes its certification properties which is beyond the control of Blue Coat.