search cancel

ProxySG SSL interception is disabled yet the https forward proxy still handles the transaction in policy

book

Article ID: 173759

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

ProxySG SSL interception is disabled yet the https forward proxy still handles the transaction in policy.

HTTPS Forward Proxy handles traffic when SSL Interception is disabled. A "proxy error" or "page cannot be displayed" message is shown to the user.

Resolution

This is the expected behavior. When ssl interception is disabled and the transaction results in an exception or a policy deny, the only way the proxy can deliver the HTTP exception/policy deny error message to the browser is if it decrypts the TLS tunnel.

The certificate returned to the client browser will be from the keyring specified in Configuration>Proxy Settings>SSL Proxy>Issuer Keyring.