Users have an iPhone, iPad, or iPod and are having issues connecting to the iTunes store via SSL through a ProxySG appliance.  They receive one of the following error messages:

"Cannot connect to iTunes Store" 

"A secure connection could not be established. Please check your Date & Time settings."

This issue occurs because the ProxySG appliance through which users are connecting to iTunes has SSL interception and decryption configured. With this configuration, the appliance uses a custom certificate that the administrator pushes to all desktop browsers. As iOS devices are not part of such a deployment, users must install the appliance's certificate manually on their iOS devices. The installation needs to be performed just once, until either the iOS device is reverted to a factory default state or the appliance's SSL interception certificate expires.

To install the appliance certificate manually on an iOS device:

1. On the iOS device, browse to the following URL:
   https://<IP.address:8082>/SSL/download_ca
   Administrator note: Providing this access does not require that users have administrative rights to the Management Console. Alternatively, you may host the CA Certificate on a web server in your own environment. 
2. Select the desired Certificate (in this case, 'default') to be installed.
   
3. Tap Install to install the Certificate Profile. 
   
   iOS provides the following prompts as you proceed with installation.
   
   
    
   
   Once the certificate is installed successfully, a new item called Profile is displayed in the iOS device Settings page.
    
   
   Note: You can also remove expired certificates on this screen. To remove one, select it and tap Remove.