Hi Community,
I have a question regarding how FMC updates the PKI Trusted CA list, I am asking this because during an SSL decryption policy implementation (on FP services) in resign mode I have encountered some issues (eg. Whatsapp file transfer traffic blocked)
Looking at the packet capture I saw that FP module gave "Certificate Unknown" message, after importing the CA certificate (DigiCert Secure SHA2 CA) of the server in FMC PKI Trusted CA and after deploying updated policies file tranfer worked correctly (with SSL inspection)
Maybe I could be useful also to see in the connections events with "Certificate Unknown" (obviously for SSL/TLS events) in order to facilitate troubleshooting.
Thanks,
Matteo