Known Key Decryption (Incoming Traffic)

The Decrypt - Known Key decryption rule action uses a server's private key to decrypt traffic. The Decrypt - Known Key rule action is used with incoming traffic; that is, the destination server is inside your protected network.

The main purpose of decrypting with a known key is to protect your servers from external attacks.

Prerequisite

To use the Decrypt - Known Key rule action, you must create an internal certificate object using the server’s certificate file and paired private key file.

Note

The Firepower System does not support mutual authentication; that is, you cannot upload a client certificate to the management center and use it for either Decrypt - Resign or Decrypt - Known Key decryption rule actions. For more information, see Decrypt and Resign (Outgoing Traffic). and Known Key Decryption (Incoming Traffic).