Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
566
Views
0
Helpful
1
Replies

Can't Access Web Sites after applying SSL Policy

M.Hakeem
Level 1
Level 1

‎02-03-2018 10:19 PM - edited ‎02-21-2020 07:17 AM

I have internal CA and ASA with firepower services.

After I applied SSL policy (decrypt- resign) I have a certificate issue.

I need your advise. I think I have an issue in firepower certificate. How do i configure the firepower to decrypt the traffic using my own CA?

 

 

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-03-2018 11:58 PM - edited ‎02-04-2018 12:01 AM

Is the certificate you are using for Firepower configured as a "certificate-issuing-certificate"?

 

This would need to be specified in the template used by the CA when signing the certificate it issues to the FMC. A standard web server certificate (even if the issuing CA is trusted) will not suffice to allow Firepower to masquerade as the destination site when proxying the SSL traffic. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card