Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3119
Views
5
Helpful
1
Replies

FirePOWER - Hardware Security Module (HSM) Integration

thomas.busse
Level 1
Level 1

‎02-08-2019 02:19 AM - edited ‎03-12-2019 07:16 AM

Hello Community,

 

I was wondering if for e.g. especially for Inbound SSL-Decryption Rules it is possible to integrate Cisco Firepower appliances with any 3rd party HSM, so that private keys, etc. will remain outside the Firepower appliance ?

 

Greetings,

Thomas

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-10-2019 04:29 AM

If you put an SSL appliance inline with the Firepower device you can get the traffic in decrypted form and inspect that.

 

If you're using an SSL policy on the Firepower device and specifying decrypt-and-resign as part of the policy then the decryption has to be done on the Firepower device itself - not on an HSM or other appliance.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card