The Edge SWG (ProxySG) does not have the option to serve the PAC file from the Proxy using an HTTPS service.  Instead, you will need to configure a Reverse Proxy HTTPS service.

Additionally, client browsers must be configured to trust the Proxy Certificate when opening the Proxy Web Management Console.

First, go to Configuration > Services > Proxy Services > Manage Groups:

Then select the + Add Group tab on the upper right.  Choose a name for your newly added group.  Apply tab.

This will take you to the Proxy Services page. Click on the Save tab on the right.

From the Configuration > Services > Proxy Services, select the + Add Service tab.

From the add service page:

Inside the Windows Service Group

• Select the name of the new group you just created

On Proxy settings

• Select HTTPS Reverse Proxy

Keyring

• Select the name of the certificate to present to the Browser for the incoming connection

 Listeners

• Select the + Add Listener tab

Which brings up this window:

Enter the source addresses using your internal network IPs, which will request the PAC file.

Destination address, select Explicit

Port range, use the port that you want to dedicate to serve the PAC file, in this example 8088.

Action, Intercept, and select Add.  Then Save. Your new service will now be listed un the Proxy Services table.