We are using XI50; Firmware 188.8.131.52
I am wondering the impact of changing the parameter from off state to on state on existing consumers.
I don't believe adding the CA list will impact existing clients, but it would be worth testing first. Do you have a non-production test environment you could use? I assume you're discussing a Front Side Handler's Reverse SSL Proxy Profile. If so your other option would be to have them use a separate port from other clients so they would get a unique SSL configuration, but then that is more configuration for you to have to manage.