Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
768
Views
0
Helpful
1
Replies

SSL inspection

MeisamAz
Level 1
Level 1

‎12-17-2021 11:47 AM

Hi everyone,
I have some questions about "SSL inspection".

I have a couple of servers in my DMZ zone that they serve mostly HTTPS service to clients. HTTP and HTTPS traffic first come to "firepower" and then go through web application firewall "WAF".

SSL traffic's certificate is applied in the WAF and WAF is managing the certificate for HTTPS services.
And due to threats detection, WAF decrypts the SSL traffics.
And now I want to configure an SSL inspection in the FTD that traffic first goes through it.
Should I use the same WAF certificate that it is using for HTTPS service and it is a valid certificate in the FTD firewall?
Does it have effects on WAF function?

Does anyone do this scenario before?

0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-17-2021 11:02 PM

Yes, you can decrypt and re-sign with the same server certificate being used by the WAF. You will have to import the certificate(s) (with associated private key(s)) in order to have it (or them ) available for your SSL policy.

There should be no effect on the WAF function.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card