How to Deploy the SSL Proxy in a Proxy Chain?


Article ID: 251006


Products

ProxySG Software - SGOS

Issue/Introduction

The ProxySG appliance at the branch office uses the ProxySG appliance at the data center as its forwarding host, allowing SSL Proxy functionality to be enabled on both appliances. 

Resolution

Setting Up SSL Proxy Chaining Functionality

  • The branch proxy appliance is configured as the forwarding host of type “HTTP proxy” for the data center proxy appliance.
  • Both proxies have identical SSL-related policy; that is, each should make identical decisions about which SSL connections are intercepted and which SSL connections are tunneled.
  • The issuer certificate used by the branch proxy appliance to sign emulated certificates should be imported as a CA certificate on the data center proxy appliance. This ensures that the data center proxy appliance can successfully verify emulated certificates presented by the branch proxy appliance.

Note that this applies to intercepted SSL connections only. For tunneled SSL connections the data center proxy appliance sees the original server certificate.

Now, when an SSL connection is intercepted at the branch proxy appliance, the ProxySG appliance emulates the server certificate and presents the emulated server certificate to the data center proxy appliance.
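
The trust check behind the CA-import step can be reproduced offline with openssl. This is an added example, not part of the original article and not ProxySG configuration: the subjects, file names and PEM bundles are constructed stand-ins for the issuer certificate, an emulated certificate and the verifying appliance's CA list.

```shell
#!/usr/bin/env bash
# Added example: every name, subject and file here is constructed for the demo.
set -eu

make_pki() {  # $1 = scratch directory
  local d="$1"
  cat >"$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Stand-in for the issuer certificate that signs emulated certificates.
  openssl req -x509 -config "$d/ca.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -days 30 -subj "/CN=Constructed Proxy Issuer" \
    -keyout "$d/issuer.key" -out "$d/issuer.crt" 2>/dev/null
  # An unrelated CA, standing in for a CA list that lacks the issuer.
  openssl req -x509 -config "$d/ca.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -days 30 -subj "/CN=Constructed Unrelated CA" \
    -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null
  # Stand-in for an emulated server certificate signed by the issuer.
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=www.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/issuer.crt" -CAkey "$d/issuer.key" \
    -CAcreateserial -days 7 -out "$d/emulated.crt" 2>/dev/null
}

trust_result() {  # $1 = CA bundle (PEM), $2 = certificate to verify
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

demo() {
  local d; d=$(mktemp -d)
  make_pki "$d"
  # CA list without the issuer: the emulated certificate does not chain.
  echo "before import: $(trust_result "$d/other.crt" "$d/emulated.crt")"
  # CA list after adding the issuer certificate alongside the existing CA.
  cat "$d/other.crt" "$d/issuer.crt" >"$d/bundle.pem"
  echo "after import:  $(trust_result "$d/bundle.pem" "$d/emulated.crt")"
  rm -rf "$d"
}
demo
```

Only the issuer's certificate goes into the verifying side's CA list; the issuer's private key stays on the appliance that signs emulated certificates.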