- A login to the Consumer Skype application using a Microsoft account is authenticated via https://login.live.com domain.
- Since the Consumer Skype application is unable to install CA certificates from the ProxySG, intercepting the SSL traffic to login.live.com will cause SSL client handshake completion failure, as the customer certificates from ProxySG are not trusted by the Consumer Skype application.
Note: In explicit proxy mode, check to see if the Explicit HTTP service has Detect Protocol enabled. If yes, then proceed to the steps below.
Otherwise, if Detect Protocol is not enabled, then the steps below are not needed.
The solution is to bypass the Microsoft IP range and the live.com domain from the SSL Intercept Layer, as shown below.
Depending on which region are you in, you may also need to bypass these ranges:
In some cases, you will need to bypass hotmail.com as well when the user signs in with a Hotmail account.