https://community.cisco.com/t5/network-security/firepower-hardware-security-module-hsm-integration/m-p/3798649#M1011047 <P>If you put an SSL appliance inline with the Firepower device you can get the traffic in decrypted form and inspect that.</P> <P>&nbsp;</P> <P>If you're using an SSL policy on the Firepower device and specifying decrypt-and-resign as part of the policy then the decryption has to be done on the Firepower device itself - not on an HSM or other appliance.</P> Sun, 10 Feb 2019 12:29:25 GMT Marvin Rhoads 2019-02-10T12:29:25Z https://community.cisco.com/t5/network-security/firepower-hardware-security-module-hsm-integration/m-p/3797593#M1011046 <P>Hello Community,</P> <P>&nbsp;</P> <P>I was wondering if for e.g. especially for Inbound SSL-Decryption Rules it is possible to integrate Cisco Firepower appliances with any 3rd party HSM, so that private keys, etc. will remain outside the Firepower appliance ?</P> <P>&nbsp;</P> <P>Greetings,</P> <P>Thomas</P> Tue, 12 Mar 2019 14:16:53 GMT https://community.cisco.com/t5/network-security/firepower-hardware-security-module-hsm-integration/m-p/3797593#M1011046 thomas.busse 2019-03-12T14:16:53Z https://community.cisco.com/t5/network-security/firepower-hardware-security-module-hsm-integration/m-p/3798649#M1011047 <P>If you put an SSL appliance inline with the Firepower device you can get the traffic in decrypted form and inspect that.</P> <P>&nbsp;</P> <P>If you're using an SSL policy on the Firepower device and specifying decrypt-and-resign as part of the policy then the decryption has to be done on the Firepower device itself - not on an HSM or other appliance.</P> Sun, 10 Feb 2019 12:29:25 GMT https://community.cisco.com/t5/network-security/firepower-hardware-security-module-hsm-integration/m-p/3798649#M1011047 Marvin Rhoads 2019-02-10T12:29:25Z