This could be related to a number of things. What you could look for is since this is the inner channel, ensure that port 443 is removed from the port labels (or create a new inpath rule above the secure passthrough rule).
One other small thing you could look for is ensure that all proxy certs are valid on both the portal and the SCA itself and not in a gray list.
Otherwise, you will need a TAC case open with us and so that we can take a look. SaaS with Steelhead has a lot of moving parts to ensure optimization deploys properly.