10-15-2018 04:29 AM - edited 03-12-2019 07:01 AM
Hello,
I am working with a customer that want to use the URL filtering function in his ASA 5545-X with firepower services.
I have a similar setup in my LAB for testing purpose and I have create a SSL Policy that are using a Microsoft CA signed certificate and I have some Windows 10 clients with ROOT certificates from the same CA.
However, I am having issues with some sites when using either Chrome or Firefox.
Everything is working fine in both IE and Edge browsers but some HTTPS pages (like https://www.cisco.com) are timing out with Chrome and Firefox. I have tried the workaround described here - https://www.cisco.com/c/en/us/td/docs/security/firepower/SA/SW_Advisory_CSCvh22181.html but it only helped for some of the pages. The only other thing I can think of is certificate pinning, but I am not sure that this is browser dependent.
Anyone else have experienced similar issues with SSL decryption?
10-15-2018 04:40 AM
10-15-2018 05:11 AM
Thank you for the answer. I did tried that on firefox after reading that this was a common issue with firefox, but the issue was still there. However, I will try the same in chrome when I am back home and see if it will fix the issue there.
I can add that when this issue happens, I don't see any warning about untrusted certificates. I just revived a timeout error after a while.
10-15-2018 10:51 AM
I imported the root certificate in Chrome, but unfortunately it didn't solved the issue. I still getting the "ERR_TIMED_OUT" message in the browser after a while, If I click the "View Site information" button I see the following "Your connection to this site is not secure"
12-11-2018 09:07 PM
Did you solve this? Im having the "err_TIMED_OUT" when I try to connect to outlook.office365.com.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: