As of the current FirePOWER software (Release 5.3.1), onboard SSL decryption for inspection of traffic is not supported. I've heard it may be coming in 5.4 (possibly later this quarter) but that's not yet available. When is is available, it will have a performance cost since line rate SSL decryption is computationally intensive.
So for now you would have to use a Cisco SSL appliance. They have purpose-built hardware for SSL decryption.
In either case, the inline device that's opening and inspecting the SSL traffic would need to have a special certificate that's allowed to issue child certificates and be trusted by all your clients. That typically means you need to have (or establish) an Enterprise PKI.
As of the current FirePOWER software (Release 5.3.1), onboard SSL decryption for inspection of traffic is not supported. I've heard it may be coming in 5.4 (possibly later this quarter) but that's not yet available. When is is available, it will have a performance cost since line rate SSL decryption is computationally intensive.
So for now you would have to use a Cisco SSL appliance. They have purpose-built hardware for SSL decryption.
In either case, the inline device that's opening and inspecting the SSL traffic would need to have a special certificate that's allowed to issue child certificates and be trusted by all your clients. That typically means you need to have (or establish) an Enterprise PKI.