Without SSL interception, the existing Web access policy rules cannot be applied because HTTPS requests are encrypted and tunneled.
For HTTPS requests, without SSL interception, the ProxySG appliance cannot test URLs with Web Access policy rules because the transactions are encrypted and tunneled. In other words, there is no way that a ProxySG appliance can see and know the requested URL or other HTTP request header information.
Content Policy Language
If you want to use CPL code instead of VPM, use the following CPL codes as examples, develop your policy rule, and add it in your local policy file or in a VPM CPL layer.
server.certificate.hostname.exact="www.bluecoat.com" Allow ; matching exact certificate hostname.
server.certificate.hostname=".bluecoat.com" Deny ; matching domain
server.certificate.hostname.substring="bluecoat.com" Allow ; matching contains
By the same token you can add a rule based on Server Certificate Categories.
If you want to use CPL code instead of VPM, please use the following CPL codes as examples, and develop your policy rule and add it in your local policy file or in a VPM CPL layer.
server.certificate.hostname.category="(Adult/Mature Content)" DENY ; deny if certificate category matches Adult/Mature Content
server.certificate.hostname.category="(Education)" ALLOW ; allow if certificate category matches Education