
SSL Inspection in ASA

snarayanaraju
Level 4

Hi - I am curious to understand how SSL/HTTPS inspection is designed to be handled in the Cisco ASA Firewall.

All I know is that, for SSL inspection, the firewall has to decrypt and re-encrypt the traffic passing through the firewall. Does this require the server's private key to be imported into the firewall for decryption and the public key for encrypting?

Thanks in advance

SAIRAM


Marvin Rhoads
Hall of Fame

When we inspect SSL traffic (on the CX module), the ASA acts as a proxy and has an SSL key of its own that is trusted by the user (i.e. issued by a CA in the user's Trusted Certificate store). That allows it to intercept, decrypt, inspect and re-encrypt the traffic.

Here is a link to the User Guide section explaining in more detail.
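
The trust relationship described in the reply above, as an added example (not part of the original post and not Cisco's code): a constructed lab PKI built with the `openssl` CLI, showing that an inspecting proxy presents a certificate for the same hostname signed by its own CA with its own key pair, and that only clients trusting that CA accept it. All names, subjects and file names are assumptions made up for the illustration.

```shell
#!/usr/bin/env bash
# Constructed lab PKI: every name, subject and file here is made up for illustration.
set -eu

mk_ca() {    # mk_ca <dir> <name> <CN>: self-signed CA with its own key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

mk_leaf() {  # mk_leaf <dir> <name> <ca name>: fresh key and cert for the same hostname
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.crt" -CAkey "$1/$3.key" \
    -CAcreateserial -days 1 -out "$1/$2.crt" 2>/dev/null
}

build_pki() {  # build_pki <dir>
  mk_ca   "$1" public_ca  "Public CA (constructed)"
  mk_ca   "$1" inspect_ca "Inspection CA (constructed)"
  mk_leaf "$1" origin public_ca    # what the real server presents
  mk_leaf "$1" proxy  inspect_ca   # what the inspecting proxy presents to the client
}

trusts() {   # trusts <ca cert> <leaf cert>: would a client trusting this CA accept the leaf?
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_id() {   # SHA-256 digest of the certificate's public key
  openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}'
}

d=$(mktemp -d); build_pki "$d"
trusts "$d/inspect_ca.crt" "$d/proxy.crt" && echo "client with inspection CA: accepts proxy cert"
trusts "$d/public_ca.crt"  "$d/proxy.crt" || echo "client without inspection CA: rejects proxy cert"
[ "$(key_id "$d/origin.crt")" != "$(key_id "$d/proxy.crt")" ] && echo "proxy cert carries the proxy's own public key"
openssl x509 -in "$d/proxy.crt" -noout -issuer   # issuer is the inspection CA, not the public CA
rm -rf "$d"   # throwaway keys only
```

On a real client, the same issuer and public-key comparison is how a user or monitoring tool can tell that a session is passing through an inspecting proxy.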
