Guest

Preview Tool

Cisco Bug: CSCvu42363 - ECDSA signed server certificates aren't re-signed by RSA signed certificate authority

Last Modified

Jul 14, 2020

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

6.2.3 6.3.0 6.4.0 6.5.0 6.6.0 6.7.0

Description (partial)

Symptom:
Browser navigation to a website using an ECDSA signed certificate fails occasionally.
This will usually be on initial visits to the website, subsequent visits succeed, although traffic is not decrypted.

Conditions:
Firepower Threat Defense device configured with an SSL inspection policy.
SSL Inspection policy configured to Decrypt-Resign traffic.
Decrypt-Resign rules use an RSA signed certificate authority.
Network clients visiting websites using ECDSA signed server certificates.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.