Cisco Firepower: FMC SSL Decrypt with MS Signed CA
HTML-код
- Опубликовано: 31 июл 2024
- In this video we will setup Firepower TLS decryption capabilities to ensure we are inspecting all traffic and not missing threats embedded in TLS. We will leverage a MS CA to sign the CSR from Firepower to enable Firepower to issuing Certificates. This also helps with browser errors when using self signed - in most environments the internal ROOT CA is distributed using GPO so all assets trust certificates issued by this CA. We will finish off with some testing and validation.
Наука
Thank you really informative and to the point, loved it
Glad it was helpful!
How, on earth, did you change FMC to dark theme? Pleeeeseeee share this :)
I beleive it started in version 6.7 but check out 7.x. As always with any release review the release notes and test. Have fun!
One more thing...
I have two tier PKI , meaning, I have root ca (srv1), Subordinate root ca (srv2) who is doing issuing certs to everybody. So where do I go for SUB CA for FMC? Do I go to root ca (srv1) and ask this server to di the issuing SUB CA for FMC or I go to (srv2) for issuing?
Thank you !
Btw, great clip ;)
Thanks for the feedback! You need to use an authority that supports granting issuing CA's for subnorates.