Meddane

When Cisco Firepower Threat Defense (Cisco Secure Firewall) performs SSL decryption for outbound traffic, it acts as a man in the middle.

After intercepting the HTTPS request, Firepower will:

  • Retrieve the server certificate from the external server.
  • Create a new (spoofed) certificate with all the fields and sign this with its own internal CA Certificate.

However, Firepower removes the fields highlighted in red, which would otherwise break the TLS connection. For example, it removes the CRL Distribution Points so that the client does not go out to the internet to check whether the certificate has been revoked.
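To see which extensions a re-signed certificate has lost compared with the server's original, the two can be diffed by extension OID. The following is an added example, not Cisco code: the function names and the two skeleton certificates (constructed, unsigned, serial and extensions only) are assumptions made for illustration.

```python
# Added example: diff the X.509 extension OIDs of two DER certificates.
OID_NAMES = {"2.5.29.31": "cRLDistributionPoints",
             "2.5.29.17": "subjectAltName",
             "2.5.29.15": "keyUsage"}

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (definite lengths)."""
    i = 0
    while i < len(buf):
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:                          # long-form length
            k = n & 0x7F
            n = int.from_bytes(buf[i:i + k], "big")
            i += k
        yield tag, buf[i:i + n]
        i += n

def oid_str(v):
    """Decode OID content bytes to dotted form (first arc 0..2, small arcs)."""
    arcs, acc = [v[0] // 40, v[0] % 40], 0
    for b in v[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def extension_oids(cert_der):
    """Return the set of extension OIDs found in tbsCertificate."""
    (_, cert), = tlvs(cert_der)               # outer Certificate SEQUENCE
    _, tbs = next(tlvs(cert))                 # tbsCertificate
    for tag, val in tlvs(tbs):
        if tag == 0xA3:                       # [3] EXPLICIT Extensions
            (_, exts), = tlvs(val)
            return {oid_str(next(tlvs(e))[1]) for _, e in tlvs(exts)}
    return set()

def removed_extensions(original_der, resigned_der):
    gone = extension_oids(original_der) - extension_oids(resigned_der)
    return sorted(OID_NAMES.get(o, o) for o in gone)

def der(tag, *parts):                         # short-form encoder, sample only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def skeleton_cert(oids):                      # constructed sample, not a real cert
    exts = [der(0x30, der(0x06, o), der(0x04, b"\x05\x00")) for o in oids]
    return der(0x30, der(0x30, der(0x02, b"\x01"), der(0xA3, der(0x30, *exts))))

KU, SAN, CRLDP = b"\x55\x1d\x0f", b"\x55\x1d\x11", b"\x55\x1d\x1f"
ORIGINAL = skeleton_cert([KU, SAN, CRLDP])    # as presented by the server
RESIGNED = skeleton_cert([KU, SAN])           # as seen by the inside client
```

For real certificates, pass the DER bytes of the certificate seen from outside the firewall and of the one seen by an inside client, for example via `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))`.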

8.PNG

 
