The ASA proxy terminates the SSL connection to the outside site; you
wouldn't need the server's private key, only the public. The ASA presents
its own certificate to the inside users, so it would need to be a cert
trusted by the end user. In effect you have 2 SSL tunnels.

On Thu, May 1, 2014 at 2:31 PM, R.B. Kumar <seekumarin_at_gmail.com> wrote:
> Hi Experts, I am curious to understand how SSL/HTTPS inspection is
> designed to be handled in the Cisco ASA Firewall.
>
> All I know is that, for SSL inspection, the firewall has to decrypt
> and again encrypt the traffic passing through the firewall. Does this require
> the server's private key to be imported into the firewall for
> decryption and the public key for encrypting?
>
> Thanks in advance
>
> RBK
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
--
Marc Abel
CCIE #35470 (Routing and Switching)

Received on Thu May 01 2014 - 14:36:09 ART
This archive was generated by hypermail 2.2.0 : Tue Jun 10 2014 - 13:43:09 ART
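
The two-tunnel arrangement described in the reply, shown with throwaway certificates as an added example that is not part of the original thread. The names `origin.example`, `public-ca` and `proxy-ca` are made up, and the script assumes the `openssl` command-line tool is installed. It shows that the certificate presented on the inside tunnel uses the proxy's own key pair and is only accepted by clients that trust the proxy's CA.

```shell
#!/bin/sh
# Constructed demo: origin.example, public-ca and proxy-ca are made-up names.
set -e
W=$(mktemp -d)

# mkca <name>: self-signed CA key and certificate
mkca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}

# mkleaf <ca> <name>: fresh key pair for origin.example, certificate signed by <ca>
mkleaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=origin.example" \
    -keyout "$W/$2.key" -out "$W/$2.csr" 2>/dev/null
  openssl x509 -req -in "$W/$2.csr" -CA "$W/$1.crt" -CAkey "$W/$1.key" \
    -CAcreateserial -days 1 -out "$W/$2.crt" 2>/dev/null
}

# trusts <ca> <leaf>: "yes" if a client whose only trust anchor is <ca> accepts <leaf>
trusts() {
  if openssl verify -CAfile "$W/$1.crt" "$W/$2.crt" >/dev/null 2>&1
  then echo yes; else echo no; fi
}

# pubkey_fp <leaf>: SHA-256 over the certificate's public key
pubkey_fp() {
  openssl x509 -in "$W/$1.crt" -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

mkca public-ca                # stands in for the CA that issued the real site's cert
mkca proxy-ca                 # the inspection device's own signing CA
mkleaf public-ca origin       # outside tunnel: what the real server presents
mkleaf proxy-ca reissued      # inside tunnel: what the proxy presents to users

echo "stock client accepts origin cert:      $(trusts public-ca origin)"
echo "stock client accepts reissued cert:    $(trusts public-ca reissued)"
echo "client with proxy CA accepts reissued: $(trusts proxy-ca reissued)"
```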