The purpose of this article is to provide an explanation for the popup received when using Internet Explorer while going through a ProxySG appliance that is performing authentication.
When accessing websites, Internet Explorer performs background requests to download Certificate Revocation Lists (CRLs) from the internet using a nonstandard User-Agent: Microsoft-CryptoAPI
This User-Agent does not support the authentication methods provided by the proxy, and for this reason, it is unable to download the CRLs correctly if the proxy tries to authenticate those requests.
Authentication needs to be disabled for the User-Agent in order for the popup to stop appearing. This can be done using the following CPL code:
request.header.User-Agent="Microsoft-CryptoAPI" authenticate(no) Allow
There are other User-Agents that have similar issues but display other kinds of errors. Refer to this article for more information on them: