10-24-2021 11:06 AM
Hi
i have ASA5555-X with firepower module
i use ASDM for manage ASA and use FMC(6.4.0.4) for manage FIREPOWER
(use inline mode for asa traffic to firepower)
i have a web server in DMZ
i config Decrypt-Known key method for outbound traffic that access to my webserver in DMZ
i add my webserver certificate and private key in PKI / INTERNAL CERTS in FMC
i create rule in ssl and so i call ssl policy in Access Control Policy
i think all configure is ok
but i can not see my website from outside
i check event log
action =block
reaseon =ssl block
ssl flow error = unsupported ec curve (0xb9001d57)
can anyone help me ?
Solved! Go to Solution.
10-25-2021 06:00 AM
It appears you are hitting this bug:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn57284?rfs=iqvred
A work around is included in the bug notes.
10-26-2021 12:30 AM
Can you please confirm that your mail server uses the same wildcard certificate as the other servers?
10-25-2021 06:00 AM
It appears you are hitting this bug:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn57284?rfs=iqvred
A work around is included in the bug notes.
10-25-2021 07:34 AM
10-25-2021 12:12 PM
The entries in your mail4.jpg attachment indicate "Invalid Issuer". Have you imported the issuing CA's certificate as a trusted certificate?
10-25-2021 10:34 PM
Unfortunately, I do not understand what you mean
i have a one wildcard certificate for all subdomain
and i import these ( certificate and private key) in INTERNAL CERTS
and all websites are ok except exchange webpage
i dont have import ca certificate as a trusted certificate !!
Unfortunately , i have no information about import ca certificate as a trusted certificate
10-26-2021 12:30 AM
Can you please confirm that your mail server uses the same wildcard certificate as the other servers?
10-26-2021 01:28 AM
yes sir
10-26-2021 02:12 AM
thanks alot
the problem was solved
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: