IMessaging connects to a server using the certificate *.ess.apple.com which is signed by Apple Root CA.
Apple Root CA is not a CA that common browsers trust. Moreover the ProxySG appliance does not trust it by default and will terminate the connection with a certificate warning (untrusted issuer).
The Signing cert for *.ess.apple.com is not trusted by the ProxySG appliance by default.
Import the Apple Root CA into the ProxySG CA certificate list:
Note:
An issue of this nature can also be encountered when Apple devices need to access other sites such as the following:
gsas.apple.com
*fmip.icloud.com