https://community.cisco.com/t5/network-security/firepower-4110-ssl-decryption-supported-certificates/m-p/3410026#M923575 <P>Dear all ,</P> <P>i am&nbsp; planning to buy SSL certificate for the Firepower IPS model 4110 .</P> <P>SSL certificate is for using https deep inspection .</P> <P>My FMC version :&nbsp;6.2.3.83 .</P> <P>&nbsp;</P> <P>which type of certificate i have to buy , i can see lot of types in the public ca sites . please guide .</P> <P>&nbsp;</P> <P>Thanks ,</P> <P>Praveen</P> <P>&nbsp;</P> Fri, 21 Feb 2020 15:56:38 GMT praveen-dharmaraj 2020-02-21T15:56:38Z https://community.cisco.com/t5/network-security/firepower-4110-ssl-decryption-supported-certificates/m-p/3410026#M923575 <P>Dear all ,</P> <P>i am&nbsp; planning to buy SSL certificate for the Firepower IPS model 4110 .</P> <P>SSL certificate is for using https deep inspection .</P> <P>My FMC version :&nbsp;6.2.3.83 .</P> <P>&nbsp;</P> <P>which type of certificate i have to buy , i can see lot of types in the public ca sites . please guide .</P> <P>&nbsp;</P> <P>Thanks ,</P> <P>Praveen</P> <P>&nbsp;</P> Fri, 21 Feb 2020 15:56:38 GMT https://community.cisco.com/t5/network-security/firepower-4110-ssl-decryption-supported-certificates/m-p/3410026#M923575 praveen-dharmaraj 2020-02-21T15:56:38Z https://community.cisco.com/t5/network-security/firepower-4110-ssl-decryption-supported-certificates/m-p/3410102#M923576 Hi, You cannot use any public CA to sign a certificate for SSL decryption. SSL Decryption is basically performing a MITM attack and impersonating the website's certificate, a public CA would therefore not grant such a certificate.<BR /><BR />The certificate you require has to be issued from a local CA and the template used should be a "Subordinate Certificate Authority" template. All client computers must have the root certificate in it's certificate store in order to not receive any certificate errors.<BR /><BR />HTH Wed, 04 Jul 2018 08:22:37 GMT https://community.cisco.com/t5/network-security/firepower-4110-ssl-decryption-supported-certificates/m-p/3410102#M923576 Rob Ingram 2018-07-04T08:22:37Z https://community.cisco.com/t5/network-security/firepower-4110-ssl-decryption-supported-certificates/m-p/3410237#M923577 <P>Thank you&nbsp; RJI.</P> Wed, 04 Jul 2018 13:09:42 GMT https://community.cisco.com/t5/network-security/firepower-4110-ssl-decryption-supported-certificates/m-p/3410237#M923577 praveen-dharmaraj 2018-07-04T13:09:42Z