Safenet HSM Luna client connection issue through proxy.


Article ID: 248297


Products

ProxySG Software - SGOS

Issue/Introduction

Safenet HSMs come with an application or utility called the Luna client, or "lunacm", that initiates a connection to the device.

When the client tries to connect through the proxy, the connection fails with the error "SSL connect error".

When bypassing the proxy, it works fine.

Cause

The Luna client performs an Online Certificate Status Protocol (OCSP) check when it connects to the server.

Assuming the server hostname is www.luna-server.com, the client connects not only to this URL but also to the following URLs:

     digicert.com
     ocsp.comodoca.com
     crl.comodoca.com
     ocsp.usertrust.com
     crl.usertrust.com
     ocsp.sectigo.com
     crl.sectigo.com

However, the packet capture and policy trace show that the proxy is blocking the above URLs.

Resolution

Allow those URLs on the proxy. The URLs might change in the future, so it is best to confirm which ones the client actually requests by checking the proxy's policy trace and a packet capture.

After allowing the above URLs on the proxy, run the following command on the client machine to clear the OCSP cache.

c:\> certutil -urlcache OCSP delete
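
To confirm which hosts the proxy denies for the Luna client, and whether any fall outside the list above, the following added example (not part of the original article or of any Broadcom or Thales tooling) reads a proxy access log in ELFF format and reports every host denied for one client IP. It assumes the log carries a `#Fields:` header containing `c-ip`, `cs-host`, `s-action` and `sc-filter-result`; the log lines, client IPs and the host `ocsp.example-ca.test` are constructed sample data.

```python
import shlex

# Hosts named in this article; a denied host outside this set is a new candidate.
ARTICLE_HOSTS = {
    "digicert.com", "ocsp.comodoca.com", "crl.comodoca.com", "ocsp.usertrust.com",
    "crl.usertrust.com", "ocsp.sectigo.com", "crl.sectigo.com",
}

# Constructed sample log, not real traffic. The field subset is an assumption;
# the parser uses whatever the "#Fields:" header declares.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip sc-status s-action cs-method cs-host cs-uri-path sc-filter-result
2024-01-10 09:00:01 10.0.0.5 200 TCP_TUNNELED CONNECT www.luna-server.com - OBSERVED
2024-01-10 09:00:02 10.0.0.5 403 TCP_DENIED GET ocsp.sectigo.com / DENIED
2024-01-10 09:00:02 10.0.0.5 403 TCP_DENIED GET crl.usertrust.com /example.crl DENIED
2024-01-10 09:00:03 10.0.0.5 403 TCP_DENIED POST ocsp.example-ca.test / DENIED
2024-01-10 09:00:04 10.0.0.9 403 TCP_DENIED GET ocsp.comodoca.com / DENIED
2024-01-10 09:00:05 10.0.0.5 200 TCP_MISS GET ocsp.comodoca.com / OBSERVED
"""

def parse_elff(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = shlex.split(line)  # keeps quoted values (e.g. user agents) whole
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def denied_hosts(text, client_ip):
    """Return {host: already_in_article_list} for requests denied to client_ip."""
    result = {}
    for row in parse_elff(text):
        if row.get("c-ip") != client_ip:
            continue
        denied = row.get("sc-filter-result") == "DENIED" or row.get("s-action") == "TCP_DENIED"
        if denied:
            host = row.get("cs-host", "").lower()
            result[host] = host in ARTICLE_HOSTS
    return result

if __name__ == "__main__":
    for host, known in sorted(denied_hosts(SAMPLE_LOG, "10.0.0.5").items()):
        print(f"{host:28} {'listed in article' if known else 'NOT in article list'}")
```

Run it against a log captured while reproducing the "SSL connect error"; any host reported as not in the article list needs to be reviewed before it is added to the allow policy.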