Decrypt and Resign (Outgoing Traffic)
The Decrypt - Resign decryption rule action enables the system to act as a man in the middle, intercepting, decrypting, and (if the traffic is allowed to pass) inspecting and re-encrypting it. The Decrypt - Resign rule action is used with outgoing traffic; that is, the destination server is outside your protected network.
The threat defense device negotiates with the client using an internal Certificate Authority (CA) object specified in the rule and builds a TLS/SSL tunnel between the client and the threat defense device. At the same time, the device connects to the destination web site and creates an SSL tunnel between the server and the threat defense device.
Thus, the client sees the CA certificate configured for the decryption rule instead of the certificate from the destination server. The client must trust the firewall's certificate to complete the connection. The threat defense device then performs decryption/re-encryption in both directions for traffic between the client and the destination server.
Prerequisite
To use the Decrypt - Resign rule action, you must create an internal CA object using a CA file and paired private key file. You can generate a CA and private key in the system if you don't already have them.
We simplify the process of configuring the Decrypt - Resign rule by automatically adding Do Not Decrypt rules to the decryption policy based on your choices for types of traffic to exempt from encryption, such as undecryptable applications. (Typically, these applications use certificate pinning so that decrypting the connection breaks the connection.) For more information, see Create a Decryption Policy with Outbound Connection Protection.
Note | The Firepower System does not support mutual authentication; that is, you cannot upload a client certificate to the Security Cloud Control and use it for either Decrypt - Resign or Decrypt - Known Key decryption rule actions. For more information, see Decrypt and Resign (Outgoing Traffic). and Known Key Decryption (Incoming Traffic). |