10-24-2021 11:06 AM
Hi
i have ASA5555-X with firepower module
i use ASDM for manage ASA and use FMC(6.4.0.4) for manage FIREPOWER
(use inline mode for asa traffic to firepower)
i have a web server in DMZ
i config Decrypt-Known key method for outbound traffic that access to my webserver in DMZ
i add my webserver certificate and private key in PKI / INTERNAL CERTS in FMC
i create rule in ssl and so i call ssl policy in Access Control Policy
i think all configure is ok
but i can not see my website from outside
i check event log
action =block
reaseon =ssl block
ssl flow error = unsupported ec curve (0xb9001d57)
can anyone help me ?
Solved! Go to Solution.
10-25-2021 06:00 AM
It appears you are hitting this bug:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn57284?rfs=iqvred
A work around is included in the bug notes.
10-26-2021 12:30 AM
Can you please confirm that your mail server uses the same wildcard certificate as the other servers?
10-25-2021 06:00 AM
It appears you are hitting this bug:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn57284?rfs=iqvred
A work around is included in the bug notes.
10-25-2021 07:34 AM
10-25-2021 12:12 PM
The entries in your mail4.jpg attachment indicate "Invalid Issuer". Have you imported the issuing CA's certificate as a trusted certificate?
10-25-2021 10:34 PM
Unfortunately, I do not understand what you mean
i have a one wildcard certificate for all subdomain
and i import these ( certificate and private key) in INTERNAL CERTS
and all websites are ok except exchange webpage
i dont have import ca certificate as a trusted certificate !!
Unfortunately , i have no information about import ca certificate as a trusted certificate
10-26-2021 12:30 AM
Can you please confirm that your mail server uses the same wildcard certificate as the other servers?
10-26-2021 01:28 AM
yes sir
10-26-2021 02:12 AM
thanks alot
the problem was solved
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide