Don't. If employees want to take responsibility for their own devices, let them, and kick those devices off the network if they do anything wrong (e.g. spam/virus/botnet/illegal-activity/etc).
If you have a security environment with severe restrictions about compartmentalization of information, stick user-managed devices on a separate network segment without access to sensitive internal resources.
What, exactly, do you expect to gain by sniffing SSL traffic from a user's personal smartphone?