
FMC PKI - Trusted Public CAs Update

matteodapozzo
Level 5

Hi Community,

I have a question regarding how FMC updates the PKI Trusted CA list. I am asking this because during an SSL decryption policy implementation (on FP services) in resign mode I encountered some issues (e.g. WhatsApp file transfer traffic blocked).

Looking at the packet capture, I saw that the FP module gave a "Certificate Unknown" message. After importing the CA certificate (DigiCert Secure SHA2 CA) of the server in FMC PKI Trusted CA and deploying the updated policies, file transfer worked correctly (with SSL inspection).

Maybe it could also be useful to see "Certificate Unknown" in the connection events (obviously for SSL/TLS events), in order to facilitate troubleshooting.

Thanks,

Matteo

1 Reply 1

yogdhanu
Cisco Employee

Hello,

FMC updates the CA list as new software update patches are installed on it. There is no auto-update option for CAs.
