2862 Views, 7 Helpful, 11 Replies

CSCvo42254 - FPR2100/1000 - FDM does not allow to add CA signed cert for Management Web Server

bhhenderson
Level 1

I'm on 6.6.0 and I am getting this bug.

11 Replies

JohnHall55161
Level 1

How is this fixed, if I am having this issue running 6.6.1?

I was trying to update my FTD from 7.0.4 to 7.2.5 and the upgrade was always failing with a Java error at about 38% and then reverting back. 

Eventually I discovered that the webserver certificate was expired. Trying to replace the certificate with a CA signed certificate is failing with "SSP server unavailable" error. 

Here is what I have done to fix this. These steps worked for me in both 7.0.4 and 7.2.4. You can't replace the webserver certificate with a CA signed certificate, but you can replace it with a self signed certificate on the firepower itself.

1. ssh to your firepower (with FDM)

2. go to expert mode

3. sudo su

4. cd /etc/ssl

5. Generate - CSR request

openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out firepower.csr


6. Sign the "self signed" certificate

openssl x509 -req -days 825 -in firepower.csr -signkey private.key -out server.pem

7. Replace the certificate and private key in DefaultWebserverCertificate (firepower/Objects/Certificate in FDM) with the private.key and server.pem generated above. Run these on your firepower and copy the output: cat /etc/ssl/private.key and cat /etc/ssl/server.pem, respectively.

8. restart the device. After this the upgrade will work.
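
The key and certificate generation from steps 5 and 6 above, rehearsed in a scratch directory with two checks to run before the PEM text is pasted into FDM. This is an added example, not part of the original post; the CN `ftd.example.test`, the `-subj` option and the function names are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not from the original post). The scratch directory and
# the CN value are constructed placeholders.

# Steps 5 and 6: key + CSR, then a self-signed certificate.
# -subj is added so the CSR prompt does not block; umask keeps the key private.
make_selfsigned() {
    dir=$1; cn=$2; days=${3:-825}
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
          -keyout "$dir/private.key" -out "$dir/firepower.csr" 2>/dev/null &&
      openssl x509 -req -days "$days" -in "$dir/firepower.csr" \
          -signkey "$dir/private.key" -out "$dir/server.pem" 2>/dev/null )
}

# Succeeds only if the certificate's public key belongs to the private key.
# A mismatched pair is an easy mistake when copying two PEM blobs by hand.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate is still valid N days from now
# (N=0 answers "has it already expired?").
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
if make_selfsigned "$demo_dir" "ftd.example.test" 825 &&
   cert_matches_key "$demo_dir/server.pem" "$demo_dir/private.key" &&
   cert_valid_for_days "$demo_dir/server.pem" 30
then
    echo "key/cert pair OK:"
    openssl x509 -in "$demo_dir/server.pem" -noout -subject -enddate
else
    echo "generated pair failed verification" >&2
fi
rm -rf "$demo_dir"
```

Running `cert_valid_for_days` with `0` against an exported copy of the certificate currently in use shows whether it has already expired, which was the cause of the failed upgrade described above.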

This worked for me. You saved me a lot of time and headache! Thank you!

Jose Anda
Level 1

I am importing several objects to FTD 1120 - 6.6.1-91 via API Call and I am getting this error:

 

 

"statusMessage": "Configuration import failed at step of 'import objects'. Configuration import failed - SSP Server Unavailable\nSSP Server Unavailable",
"scheduleUuid": "d270b736-da16-11eb-9061-d98ad80b9753",
"diskFileName": "ftd1.txt",

travisr
Level 1

I'm running 6.7.0-65 and receiving it as well.

Cisco Firepower 1120 Threat Defense (78) Version 6.6.4 (Build 64)

I have the same "SSP Server Unavailable" when replacing the default cert.

dbullion
Level 1

Me Too!!! Anyone found a solution?

s.balon
Level 1

Same for me on Cisco Firepower 2120 Threat Defense (77) Version 7.0.4 (Build 55)

TEST58
Level 1

I am having this issue on 7.0.1-84.

 

allenh
Level 1

Same with 7.2.4.1-43 managed by FDM, SSP Server Unavailable when updating "DefaultWebserverCertificate" 

Has anyone found a solution? 

See my solution above. Works on 7.2.4.