Cisco Cisco ASA 5506W-X with FirePOWER Services Technisches Handbuch
servers. It resigns the certificate of the public server with an intermediate CA certificate which is
configured on the firepower module.
configured on the firepower module.
These are the three steps to configure the Outbound SSL Decryption.
Step 1. Configure the CA certificate.
Configure either a self-signed Certificate or an intermediate trusted CA certificate for certificate
resign.
resign.
Configure the Self-Signed CA Certificate
In order to configure the Self-Signed CA Certificate, navigate to Configuration > ASA Firepower
Configuration > Object Management > PKI > Internal CAs and click on Generate CA. The
system prompts for the details of the CA certificate. As shown in the image, fill up the details as
per your requirement.
Configuration > Object Management > PKI > Internal CAs and click on Generate CA. The
system prompts for the details of the CA certificate. As shown in the image, fill up the details as
per your requirement.
Click on Generate self-signed CA to generate the internal CA certificate. Then click on Generate
CSR to generate the certificate-signing-request which is consequently shared with the CA server
to sign.
CSR to generate the certificate-signing-request which is consequently shared with the CA server
to sign.
Configure the Intermediate CA Certificate
In order to configure the Intermediate CA Certificate which is signed by another third party CA,
navigate to Configuration > ASA Firepower Configuration > Object Management > PKI >
Internal CAs and click on Import.
navigate to Configuration > ASA Firepower Configuration > Object Management > PKI >
Internal CAs and click on Import.