Cisco Bug: CSCvv66814 - Resign cert not changing from default after deploy

Last Modified

Oct 07, 2020

Products (1)

  • Sourcefire Defense Center

Known Affected Releases

6.4.0 6.5.0 6.6.0 6.7.0

Description (partial)

Symptom:
SSL connections intercepted and decrypted by a Firepower device are re-encrypted using an incorrect SSL certificate authority. 

This incorrect certificate authority is one that was used on a previous version of the configured SSL policy.

Conditions:
Firepower Threat Defense managed using Firepower Device Manager.
SSL Decryption policy deployed.
SSL Decryption policy contains one or more rules with Decrypt-Resign action.

If the SSL policy is changed to use a different Certificate Authority to decrypt connections, and no other changes are made to the policy, the updated Certificate Authority may not be correctly used.
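A check for the symptom above, written as an added example (not Cisco's code or tooling): given a certificate presented on a decrypted connection, decide whether it was signed by the currently configured resign CA or by the previous one. The CAs, hostnames and file names are constructed placeholders; on a real network the leaf would be a certificate saved from a client behind the device.

```bash
#!/usr/bin/env bash
# Constructed demo: throwaway CAs stand in for the previous and the newly
# configured Decrypt-Resign CA. All file names and subjects are assumptions.

# make_ca <name> <CN>: create a self-signed CA (<name>.key, <name>.pem).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# make_leaf <ca> <leaf> <host>: issue <leaf>.pem for <host>, signed by <ca>.
# Stands in for the certificate a client receives on a decrypted connection.
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# signed_by_ca <leaf.pem> <ca.pem>: 0 only if the leaf verifies under that CA.
signed_by_ca() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# check_resign_ca <leaf.pem> <current_ca.pem> <previous_ca.pem>
# Prints ok, stale-ca (the symptom described above) or unknown-issuer.
check_resign_ca() {
  if signed_by_ca "$1" "$2"; then echo "ok"
  elif signed_by_ca "$1" "$3"; then echo "stale-ca"
  else echo "unknown-issuer"
  fi
}

# Demo in a scratch directory: one leaf per CA, both checked against "new".
demo() (
  cd "$(mktemp -d)" || exit 1
  make_ca old "Constructed Previous Resign CA"
  make_ca new "Constructed Current Resign CA"
  make_leaf old stale host.example && make_leaf new fresh host.example
  echo "fresh: $(check_resign_ca fresh.pem new.pem old.pem)"
  echo "stale: $(check_resign_ca stale.pem new.pem old.pem)"
)
demo
```

Running the check after each deployment that changes the resign CA catches the stale-CA case before clients start reporting trust errors.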