Solved: Re: Firepower Management Center - disable certificate authentication

cisco_kiwi · ‎10-24-2017

Hi,

I managed to enable certificate authentication on our Firepower Management Center and now I am unable to browse to the URL to make changes.

I see others have come across this issue and they have been able to disable the cert via the CLI with ASA FirePOWER. But from what I can find the Firepower Management Center doesn't have a CLI and there is no way to disable the certificate.

Does anyone know a way to disable the cert or do I have to delete the config and start again.

Any help would be much appreciated.

mikael.lahtela · ‎10-24-2017

Hi,

You can ssh to FMC, login with admin credentials.
If you are unsure how to configure this you should contact Cisco TAC as you can mess things up here.

You need to edit /etc/httpd/ssl_certificates.conf with sudo vi /etc/httpd/ssl_certificates.conf
Change the line "SSLVerifyClient x" to "SSLVerifyClient none".
Restart FMC or user pmtool restartbytype gui

To use command vi on linux (fmc os), here is a basic guide:
https://ryanstutorials.net/linuxtutorial/vi.php

br, Micke

View solution in original post

mikael.lahtela · ‎10-24-2017

Hi,

You can ssh to FMC, login with admin credentials.
If you are unsure how to configure this you should contact Cisco TAC as you can mess things up here.

You need to edit /etc/httpd/ssl_certificates.conf with sudo vi /etc/httpd/ssl_certificates.conf
Change the line "SSLVerifyClient x" to "SSLVerifyClient none".
Restart FMC or user pmtool restartbytype gui

To use command vi on linux (fmc os), here is a basic guide:
https://ryanstutorials.net/linuxtutorial/vi.php

br, Micke

hash2k2 · ‎12-09-2020

Thanks, that helped me a lot as I accidently activated client certificates.

Truman · ‎12-04-2023

Thank you, that helps me too as I accidentally enabled the client certificates.