I think this is related to the setting up of the ExternalWebAppURL. The Policy is set to <https> however if the CAS being connected to does not have one of the following configured, it will still default to using the Internal address to the EV server, which by default would be http:
<add key="EnterpriseVault_UseExternalWebAppUrl" value="true"/>
- All requests to use the WebApp URL will use the External Web Application URL setting for Proxy
or
<add key="EnterpriseVault_ExternalHostNames" value="owa.mydomain.local"/>
- only WebApp requests from these host names will use the External Web Application URL setting for Proxy
or
<add key="EnterpriseVault_ExternalIPAddresses" value="192.168.0.5;192.168.0.103"/>
- only WebApp requests from these IP Addresses (commonly the IPs of the Firewall) will use the External Web Application URL setting for Proxy
Here are a few articles that will help:
http://www.symantec.com/business/support/index?page=content&id=TECH60712
Enterprise Vault 2007, 8.0, and 9.0 Web.config options for Microsoft Exchange 2007 Outlook Web Access (OWA)
http://www.symantec.com/business/support/index?page=content&id=TECH141519
Symantec Enterprise Vault Outlook Web Access (OWA) Internal and External WebApp URLs
On a side, make sure you have a rule setup in your Firewall/ISA server to redirect the external URL to the Internal URL. You can actually test this outside of OWA by opening IE, and attempting to go to the external address setup (Ex. https:\\owa.domain.com\enterprisevault\) if the rule is functioning, you should be prompted for credentials and it should open the main web app page where you can go to Search.
Hope this helps!