Re: SSL Decryption

adamgibs7 · ‎03-03-2018

Dears,

I m little confused from the below guides of ssl decryption , I don't have any Internal CA in my corporate nor I m going to get it signed by third party CA ( verisign,godaddy) so according to the below link I have to follow only step 1 (OPTION 1) and then straight jump to SSL policy configuration (Navigate to Policies > SSL then click New Policy.)

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/200202-Configuration-of-an-SSL-Inspection-Polic.html#anc6

Thanks

Karsten Iwen · ‎03-03-2018

Yes, that's right. But you still have to import the self-signed certificate from Option1 to all your client-devices as trusted root-certificate.

adamgibs7 · ‎03-03-2018

Dear Karsten,

if I am not wrong I have to export from the box instead of the import, where I can find the option to download the self signed certificate from the box ??? so that once download ,, by windows group policy I can push to all PC in the domain.

thanks

yogdhanu · ‎03-06-2018

Hi

You can download the certificate from objects>PKI >CA

If you have created the CA on FMC itself.

Hope it helps,

Yogesh

adamgibs7 · ‎03-06-2018

these certificates has to be install in client machine in which location ???

Karsten Iwen · ‎03-07-2018

After exporting the certificate (and converting from p12 to pem) you have to install it into the trusted root store on all client machines. If the clients are using Firefox, there is a separate store where it has to be installed.