https://community.cisco.com/t5/network-security/quot-decryption-error-quot/m-p/3368048#M924053 <P>Running FP 8130 appliances, within FP Management we are seeing "Decryption Error" for port 443 traffic. We have a valid root cert for the MtM decryption process. Where can we find more information about WHY this has a "Decryption Error"?</P> <P>&nbsp;</P> Fri, 21 Feb 2020 15:38:44 GMT ashaw216 2020-02-21T15:38:44Z https://community.cisco.com/t5/network-security/quot-decryption-error-quot/m-p/3368048#M924053 <P>Running FP 8130 appliances, within FP Management we are seeing "Decryption Error" for port 443 traffic. We have a valid root cert for the MtM decryption process. Where can we find more information about WHY this has a "Decryption Error"?</P> <P>&nbsp;</P> Fri, 21 Feb 2020 15:38:44 GMT https://community.cisco.com/t5/network-security/quot-decryption-error-quot/m-p/3368048#M924053 ashaw216 2020-02-21T15:38:44Z https://community.cisco.com/t5/network-security/quot-decryption-error-quot/m-p/3368064#M924054 <P>Hi</P> <P>&nbsp;</P> <P>What's the version of firmware running and exact error?</P> <P>Are you using decrypt resign or decrypt with known key?</P> <P>&nbsp;</P> <P>Thanks</P> <P>Yogesh</P> Wed, 18 Apr 2018 12:22:34 GMT https://community.cisco.com/t5/network-security/quot-decryption-error-quot/m-p/3368064#M924054 yogdhanu 2018-04-18T12:22:34Z https://community.cisco.com/t5/network-security/quot-decryption-error-quot/m-p/3368137#M924055 <P>6.1.0, under SSL Status it says "Do Not Decrypt (Decryption Error)"</P> <P>&nbsp;</P> <P>We are using Decrypt - Resign.</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 18 Apr 2018 13:33:13 GMT https://community.cisco.com/t5/network-security/quot-decryption-error-quot/m-p/3368137#M924055 ashaw216 2018-04-18T13:33:13Z https://community.cisco.com/t5/network-security/quot-decryption-error-quot/m-p/3368864#M924056 <P>Hi</P> <P>&nbsp;</P> <P>You can try using this command on the sensor CLI</P> <PRE style="margin: 0px 10px 10px; padding: 5px; background-color: #e5e5e5; border: 1px dotted #808080; overflow-x: auto; white-space: pre; word-wrap: normal; color: #333333; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">system support ssl-<SPAN class="lia-search-match-lithium" style="font-weight: bold; background: #ffffcc; color: #666666; padding: 0px 2px; line-height: 1.2;">client</SPAN>-<SPAN class="lia-search-match-lithium" style="font-weight: bold; background: #ffffcc; color: #666666; padding: 0px 2px; line-height: 1.2;">hello</SPAN>-tuning extensions_remove 16,13172</PRE> <P>This would make sure some extensions which are not supported on firepower are removed from client hello.</P> <P>The error details need be found using SSL debugs which would require TAC case.</P> <P>&nbsp;</P> <P>Hope it helps,</P> <P>yogesh</P> Thu, 19 Apr 2018 10:29:35 GMT https://community.cisco.com/t5/network-security/quot-decryption-error-quot/m-p/3368864#M924056 yogdhanu 2018-04-19T10:29:35Z