
CSCvo42254 - FPR2100/1000 - FDM does not allow to add CA signed cert for Management Web Server

bhhenderson
Level 1

I'm on 6.6.0 and I am getting this bug.

10 Replies

JohnHall55161
Level 1

How is this fixed if I am having this issue running 6.6.1?

I was trying to update my FTD from 7.0.4 to 7.2.5 and the upgrade was always failing with a Java error at about 38% and then reverting back. 

Eventually I discovered that the webserver certificate was expired. Trying to replace the certificate with a CA signed certificate is failing with "SSP server unavailable" error. 

Here is what I have done to fix this. These steps worked for me in both 7.0.4 and 7.2.4. You can't replace the webserver certificate with a CA signed certificate, but you can replace it with a self signed certificate on the firepower itself.

1. ssh to your firepower (with FDM)

2. go to expert mode

3. sudo su

4. cd /etc/ssl

5. Generate - CSR request

openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out firepower.csr


6. Sign the "self signed" certificate

openssl x509 -req -days 825 -in firepower.csr -signkey private.key -out server.pem

7. Replace the certificate and private key in DefaultWebserverCertificate (firepower/Objects/Certificate in FDM) with the private.key and server.pem generated above. Run these on your firepower and copy the output: cat /etc/ssl/private.key and cat /etc/ssl/server.pem, respectively.

8. restart the device. After this the upgrade will work.
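
An added example, not part of the original post: a pre-flight check for the key and certificate produced in steps 5 and 6, confirming that the two belong together and that the certificate is not close to expiry before they are pasted into FDM. The function names and the 30-day threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a key/certificate pair
# before pasting it into FDM's DefaultWebserverCertificate object.

# key_matches_cert KEY CERT: succeed only if the certificate carries the
# public half of the private key. Returns 2 if either file cannot be read.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# cert_valid_for_days CERT DAYS: succeed only if the certificate is still
# valid DAYS days from now (openssl's -checkend takes seconds).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# preflight KEY CERT [MIN_DAYS]: run both checks and report the outcome.
# MIN_DAYS defaults to 30, an assumed threshold, not a Cisco requirement.
preflight() {
    min_days=${3:-30}
    if ! key_matches_cert "$1" "$2"; then
        echo "FAIL: $1 and $2 do not match (or could not be read)" >&2
        return 1
    fi
    if ! cert_valid_for_days "$2" "$min_days"; then
        echo "FAIL: $2 is expired or expires within $min_days days" >&2
        return 1
    fi
    echo "OK: key and certificate match; expiry:"
    openssl x509 -in "$2" -noout -enddate
}

# Usage: sh preflight.sh /etc/ssl/private.key /etc/ssl/server.pem [MIN_DAYS]
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

Run it against the files from steps 5 and 6 before step 7; a mismatch or an already short validity period shows up here rather than as a failed import.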

Jose Anda
Level 1

I am importing several objects to FTD 1120 - 6.6.1-91 via API Call and I am getting this error:

 

 

"statusMessage": "Configuration import failed at step of 'import objects'. Configuration import failed - SSP Server Unavailable\nSSP Server Unavailable",
"scheduleUuid": "d270b736-da16-11eb-9061-d98ad80b9753",
"diskFileName": "ftd1.txt",

travisr
Level 1

I'm running 6.7.0-65 and receiving it as well.

Cisco Firepower 1120 Threat Defense (78) Version 6.6.4 (Build 64)

I have the same "SSP Server Unavailable" when replacing the default cert.

dbullion
Level 1

Me Too!!! Anyone found a solution?

s.balon
Level 1

Same for me on Cisco Firepower 2120 Threat Defense (77) Version 7.0.4 (Build 55)

TEST58
Level 1

I am having this issue on 7.0.1-84.

 

allenh
Level 1

Same with 7.2.4.1-43 managed by FDM, SSP Server Unavailable when updating "DefaultWebserverCertificate" 

Has anyone found a solution? 

See my solution above. Works on 7.2.4.
