I am working with a customer that want to use the URL filtering function in his ASA 5545-X with firepower services.
I have a similar setup in my LAB for testing purpose and I have create a SSL Policy that are using a Microsoft CA signed certificate and I have some Windows 10 clients with ROOT certificates from the same CA.
However, I am having issues with some sites when using either Chrome or Firefox.
Everything is working fine in both IE and Edge browsers but some HTTPS pages (like https://www.cisco.com) are timing out with Chrome and Firefox. I have tried the workaround described here - https://www.cisco.com/c/en/us/td/docs/security/firepower/SA/SW_Advisory_CSCvh22181.html but it only helped for some of the pages. The only other thing I can think of is certificate pinning, but I am not sure that this is browser dependent.
Anyone else have experienced similar issues with SSL decryption?
Thank you for the answer. I did tried that on firefox after reading that this was a common issue with firefox, but the issue was still there. However, I will try the same in chrome when I am back home and see if it will fix the issue there.
I can add that when this issue happens, I don't see any warning about untrusted certificates. I just revived a timeout error after a while.
I imported the root certificate in Chrome, but unfortunately it didn't solved the issue. I still getting the "ERR_TIMED_OUT" message in the browser after a while, If I click the "View Site information" button I see the following "Your connection to this site is not secure"