https://community.cisco.com/t5/network-security/asa-with-firepower-ssl-inspection-problem-for-some-https-website/m-p/2978793#M1019745 <P>Hi,</P> <P></P> <P>Now, i am testing ASA firepower SSL inspection with 6.0. I configured CA as FSMC, SSL policy, Access control rules. Then i can go to <EM><A href="https://www.google.com" target="_blank">https://www.google.com</A>, <A href="https://www.cisco.com" target="_blank">https://www.cisco.com</A></EM> or other https website. But, i am facing the problem with other https site like (gmail, facebook). I can't go to those website. how can do that ? Please help me. I have attached some screenshot. Thanks.</P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/capture_90.jpg" class="migrated-markup-image" /></P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/capture3_3.jpg" class="migrated-markup-image" /></P> Tue, 12 Mar 2019 13:05:18 GMT linlinoo 2019-03-12T13:05:18Z https://community.cisco.com/t5/network-security/asa-with-firepower-ssl-inspection-problem-for-some-https-website/m-p/2978793#M1019745 <P>Hi,</P> <P></P> <P>Now, i am testing ASA firepower SSL inspection with 6.0. I configured CA as FSMC, SSL policy, Access control rules. Then i can go to <EM><A href="https://www.google.com" target="_blank">https://www.google.com</A>, <A href="https://www.cisco.com" target="_blank">https://www.cisco.com</A></EM> or other https website. But, i am facing the problem with other https site like (gmail, facebook). I can't go to those website. how can do that ? Please help me. I have attached some screenshot. Thanks.</P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/capture_90.jpg" class="migrated-markup-image" /></P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/capture3_3.jpg" class="migrated-markup-image" /></P> Tue, 12 Mar 2019 13:05:18 GMT https://community.cisco.com/t5/network-security/asa-with-firepower-ssl-inspection-problem-for-some-https-website/m-p/2978793#M1019745 linlinoo 2019-03-12T13:05:18Z https://community.cisco.com/t5/network-security/asa-with-firepower-ssl-inspection-problem-for-some-https-website/m-p/2978794#M1019746 <P>Most likely your computer doesn't trust FSMC CA. &nbsp;Firefox maintains it's own Trusted CA list where as most of the other browsers get their trusted CA list from the OS. Make sure you import the FSMC CA into your trusted certificate store via the Microsoft Certificate snap-in and trusted CA store in Firefox.</P> <P></P> <P>Also Chrome will prevent man in the middle certificates to google websites. &nbsp;If you use chrome you will need to make an exception to not decrypt google websites: google.com, gmail.com, youtube.com.</P> <P></P> <P>-Smalley</P> Wed, 27 Jul 2016 16:43:15 GMT https://community.cisco.com/t5/network-security/asa-with-firepower-ssl-inspection-problem-for-some-https-website/m-p/2978794#M1019746 Greg Smalley 2016-07-27T16:43:15Z https://community.cisco.com/t5/network-security/asa-with-firepower-ssl-inspection-problem-for-some-https-website/m-p/2978795#M1019747 <P>Hi Greg,</P> <P></P> <P>Thanks. I already tried like that. It is OK. But, we can't able to import certificate on every PC or laptop in the live network. Right ? We can have 100 or 1000 users in our network. So, how can i do that to automatically import from Firewall to clients. We would like to also block FB chat, post, comment or others. How can we do that ? I already tried to block chat, post. It is not working on version 6.0.</P> Thu, 28 Jul 2016 06:33:48 GMT https://community.cisco.com/t5/network-security/asa-with-firepower-ssl-inspection-problem-for-some-https-website/m-p/2978795#M1019747 linlinoo 2016-07-28T06:33:48Z https://community.cisco.com/t5/network-security/asa-with-firepower-ssl-inspection-problem-for-some-https-website/m-p/2978796#M1019748 <P>On a network you would typically use Group Policy to disperse the needed certificate into the Trusted certificate store. &nbsp;If you are using FireFox you would need to use something like PoilicyPak as FireFox doesn't natively use the Microsoft Cert store.</P> Thu, 28 Jul 2016 13:09:50 GMT https://community.cisco.com/t5/network-security/asa-with-firepower-ssl-inspection-problem-for-some-https-website/m-p/2978796#M1019748 Greg Smalley 2016-07-28T13:09:50Z https://community.cisco.com/t5/network-security/asa-with-firepower-ssl-inspection-problem-for-some-https-website/m-p/2978797#M1019749 <P>Thanks again. How about your idea to block FB chat, post or other social messaging app with cisco firepower? Actually, it can not block ?</P> Fri, 29 Jul 2016 01:24:23 GMT https://community.cisco.com/t5/network-security/asa-with-firepower-ssl-inspection-problem-for-some-https-website/m-p/2978797#M1019749 linlinoo 2016-07-29T01:24:23Z