Cisco Cisco Firepower Management Center 2000 Manual Técnico
Contents
Introduction
Prerequisites
Components Used
Configurations
1. Decrypt and Resign
Option 1: Use the FireSIGHT Center as a root Certificate Authority (CA)
Option 2: Have an internal CA sign your certificate
Option 3: Import a CA certificate and key
2. Decrypt with Known Key
Importing Known Certificate (Alternative to Decrypt and Resign)
Additional Configurations
Verification
Decrypt - Resign
Decrypt - Known Certificate
Troubleshooting
Issue 1: Some websites may not load on the Chrome browser
Issue 2: Getting an untrusted warning/error in some browsers
References
Related Cisco Support Community Discussions
Introduction
The SSL inspection feature allows you to either block encrypted traffic without inspecting it, or
inspect encrypted or decrypted traffic with access control. This document describes the
configuration steps to set up an SSL inspection policy on the Cisco FireSIGHT System.
inspect encrypted or decrypted traffic with access control. This document describes the
configuration steps to set up an SSL inspection policy on the Cisco FireSIGHT System.
Prerequisites
Components Used
Cisco FireSIGHT Management Center
●
Cisco Firepower 7000 or 8000 Appliances
●
Software Version 5.4.1 or higher
●
The information in this document was created from the devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If your network is
live, make sure that you understand the potential impact of any command.
the devices used in this document started with a cleared (default) configuration. If your network is
live, make sure that you understand the potential impact of any command.
Warning: If you apply an SSL inspection policy on your managed device, it can impact
network performance.
network performance.
Configurations