cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

485
Views
5
Helpful
4
Replies
Highlighted
Beginner

URL Filtering and SSL decryption issues

Hello,

 

I am working with a customer that want to use the URL filtering function in his ASA 5545-X with firepower services.

I have a similar setup in my LAB for testing purpose and I have create a SSL Policy that are using a Microsoft CA signed certificate and I have some Windows 10 clients with ROOT certificates from the same CA.

However, I am having issues with some sites when using either Chrome or Firefox.

Everything is working fine in both IE and Edge browsers but some HTTPS pages (like https://www.cisco.com) are timing out with Chrome and Firefox. I have tried the workaround described here - https://www.cisco.com/c/en/us/td/docs/security/firepower/SA/SW_Advisory_CSCvh22181.html but it only helped for some of the pages. The only other thing I can think of is certificate pinning, but I am not sure that this is browser dependent. 

Anyone else have experienced similar issues with SSL decryption?

 

Everyone's tags (4)
4 REPLIES 4
VIP Advisor RJI VIP Advisor
VIP Advisor

Re: URL Filtering and SSL decryption issues

Hi,
The Microsoft web browsers will look in the local certificate store and be able to validate/trust the Internal Microsoft CA certificate. However Chrome and Firefox do not look in the local machine store for the certificate, so will therefore produce the untrusted certificate error. You would need to configure the chrome/firefox browsers to trust your root CA.

HTH
Beginner

Re: URL Filtering and SSL decryption issues

Thank you for the answer. I did tried that on firefox after reading that this was a common issue with firefox, but the issue was still there. However, I will try the same in chrome when I am back home and see if it will fix the issue there.

I can add that when this issue happens, I don't see any warning about untrusted certificates. I just revived a timeout error after a while. 

Beginner

Re: URL Filtering and SSL decryption issues

I imported the root certificate in Chrome, but unfortunately it didn't solved the issue. I still getting the "ERR_TIMED_OUT" message in the browser after a while, If I click the "View Site information" button I see the following "Your connection to this site is not secure" 

Re: URL Filtering and SSL decryption issues

Did you solve this? Im having the "err_TIMED_OUT" when I try to connect to outlook.office365.com.