Showing results for 
Search instead for 
Did you mean: 

CSCvo42254 - FPR2100/1000 - FDM does not allow to add CA signed cert for Management Web Server

Level 1
Level 1

I'm on 6.6.0 and I am getting this bug.

10 Replies 10

Level 1
Level 1

How is this fixed. If I am having this issue running 6.6.1

I was trying to update my FTD from 7.0.4 to 7.2.5 and the upgrade was always failing with a Java error at about 38% and then reverting back. 

Eventually I discovered that the webserver certificate was expired. Trying to replace the certificate with a CA signed certificate is failing with "SSP server unavailable" error. 

Here is what I have done to fix this.  These steps worked for me in both in 7.0.4 and 7.2.4. You can't replace the webserver certificate with a CA signed certificate but you can replace it with a self signed certificate on the firepower itself.

1. ssh to your firepower (with FDM)

2. go to expert mode

3. sudo su

4. cd /etc/ssl

5. Generate - CSR request

openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out firepower.csr

6. Sign the "self signed" certificate

openssl x509 -req -days 825 -in firepower.csr -signkey private.key -out server.pem

7. Replace the certificate and private key in DefaultWebserverCertificate (firepower/Objects/Certificate in FDM) with the private.key and server.pem generated above. Run these on your firepower and copy the output: cat /etc/ssl/private.key respectively, cat /etc/ssl/server.pem

8. restart the device. After this the upgrade will work.

Jose Anda
Level 1
Level 1

I am importing several objects to FTD 1120 - 6.6.1-91 via API Call and I am getting this error:



"statusMessage": "Configuration import failed at step of 'import objects'. Configuration import failed - SSP Server Unavailable\nSSP Server Unavailable",
"scheduleUuid": "d270b736-da16-11eb-9061-d98ad80b9753",
"diskFileName": "ftd1.txt",

Level 1
Level 1

I'm running 6.7.0-65 and receiving it as well.

Cisco Firepower 1120 Threat Defense (78) Version 6.6.4 (Build 64)

I have the same "SSP Server Unavailable" when replace default cert

Level 1
Level 1

Me Too!!! Anyone found a solution?

Level 1
Level 1

same for me on Cisco Firepower 2120 Threat Defense (77) Version 7.0.4 (Build 55)

Level 1
Level 1

I am having this issue on 7.0.1-84.


Level 1
Level 1

Same with managed by FDM, SSP Server Unavailable when updating "DefaultWebserverCertificate" 

Has anyone found a solution? 

See my solution above. works on 7.2.4.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: