How does the Cisco Firepower Decrypt-known method perform SSL decryption on inbound traffic?
A. The system identifies the server certificate during the SSL handshake and downloads the associated private key from the CA to decrypt the traffic
B. The system matches the incoming server certificate to a previously stored certificate on the server and uses the private key to decrypt the traffic
C. The system uses a CA certificate on the server to resign the exchanged server certificate, then uses the private key of the CA certificate to decrypt the traffic
D. The system uses a CA certificate on the server to resign the exchanged server certificate, then uses a separate private key to decrypt the traffic
I think test2019 is right. B is the right answer.
For outbound traffic, C would be ok.
“Decrypt by resigning the server certificate. When a host on your network initiates a TLS/SSL handshake with an external server, the system resigns the exchanged server certificate with a previously uploaded certificate authority (CA) certificate. It then uses the uploaded private key to decrypt the traffic.”
B
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/understanding_traffic_decryption.html
Decrypt with a known private key. When an external host initiates a TLS/SSL handshake with a server on your network, the system matches the exchanged server certificate with a server certificate previously uploaded to the system. It then uses the uploaded private key to decrypt the traffic.
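To make the difference between the two quoted actions concrete, here is an added example (not code from Cisco or from any poster in this thread) that models them in Python with the `cryptography` package. Known-key decryption matches the server certificate seen in the handshake against a stored copy and then uses the stored private key on the client's RSA ClientKeyExchange; re-signing mints a replacement certificate under an uploaded CA and decrypts with the key the box controls. The server name, the CA name, every key and certificate and the pre-master secret are all constructed in-process and are not from any real deployment. The last function illustrates a caveat the Cisco text does not spell out: with an (EC)DHE cipher suite the server's certificate key only signs the ephemeral parameters, so holding it does not recover the session secret.

```python
import datetime
import os

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
from cryptography.x509.oid import NameOID

KEY_SIZE = 2048  # assumed size for every constructed RSA key


def make_cert(subject_cn, subject_key, issuer_cn=None, issuer_key=None, is_ca=False):
    """Build a short-lived X.509 certificate; self-signed when no issuer is given."""
    issuer_cn = issuer_cn or subject_cn
    issuer_key = issuer_key or subject_key
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, subject_cn)]))
        .issuer_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, issuer_cn)]))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    return builder.sign(issuer_key, hashes.SHA256())


def decrypt_known_key(stored_cert, stored_key, handshake_cert, encrypted_pms):
    """Decrypt-known-key (inbound): compare the certificate the server sent with the
    uploaded copy, then use the uploaded private key on the ClientKeyExchange.
    Returns the pre-master secret, or None when the certificate is not the stored one."""
    if handshake_cert.fingerprint(hashes.SHA256()) != stored_cert.fingerprint(hashes.SHA256()):
        return None  # unknown server: the box has no key for this session
    # TLS 1.2 RSA key exchange wraps the 48-byte pre-master secret with
    # RSAES-PKCS1-v1_5 (RFC 5246, section 7.4.7.1).
    return stored_key.decrypt(encrypted_pms, padding.PKCS1v15())


def decrypt_resign(ca_cert, ca_key, real_server_cert):
    """Decrypt-resign (outbound): issue a replacement certificate for the same
    subject, signed by the uploaded CA, bound to a key the box controls."""
    proxy_key = rsa.generate_private_key(public_exponent=65537, key_size=KEY_SIZE)
    cn = real_server_cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
    ca_cn = ca_cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
    return make_cert(cn, proxy_key, issuer_cn=ca_cn, issuer_key=ca_key), proxy_key


def known_key_vs_ecdhe(server_key):
    """With ECDHE the certificate key signs the ServerKeyExchange; the shared secret
    is derived from ephemeral keys that the box never holds. Returns True when the
    box can verify the signature yet the secret is computed without the RSA key."""
    server_eph = ec.generate_private_key(ec.SECP256R1())
    client_eph = ec.generate_private_key(ec.SECP256R1())
    eph_pub = server_eph.public_key().public_bytes(
        serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint)
    signature = server_key.sign(eph_pub, padding.PKCS1v15(), hashes.SHA256())
    server_key.public_key().verify(signature, eph_pub, padding.PKCS1v15(), hashes.SHA256())
    # Neither side's computation takes the RSA private key as input.
    client_secret = client_eph.exchange(ec.ECDH(), server_eph.public_key())
    server_secret = server_eph.exchange(ec.ECDH(), client_eph.public_key())
    return client_secret == server_secret


def demo():
    """Run both actions against constructed keys and report each check as a bool."""
    server_key = rsa.generate_private_key(public_exponent=65537, key_size=KEY_SIZE)
    server_cert = make_cert("www.example.internal", server_key)  # constructed name
    other_key = rsa.generate_private_key(public_exponent=65537, key_size=KEY_SIZE)
    other_cert = make_cert("www.example.internal", other_key)  # same CN, other key
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=KEY_SIZE)
    ca_cert = make_cert("Corp Decryption CA", ca_key, is_ca=True)  # constructed name
    pms = os.urandom(48)
    results = {}

    # Inbound, RSA key exchange: external client encrypts to the real server cert.
    encrypted = server_cert.public_key().encrypt(pms, padding.PKCS1v15())
    results["known_key_match"] = decrypt_known_key(server_cert, server_key, server_cert, encrypted) == pms
    results["known_key_mismatch"] = decrypt_known_key(server_cert, server_key, other_cert, encrypted) is None

    # Outbound: internal client sees the CA-issued proxy cert and encrypts to it.
    proxy_cert, proxy_key = decrypt_resign(ca_cert, ca_key, server_cert)
    to_proxy = proxy_cert.public_key().encrypt(pms, padding.PKCS1v15())
    results["resign_issuer_is_ca"] = proxy_cert.issuer == ca_cert.subject
    results["resign_decrypt"] = proxy_key.decrypt(to_proxy, padding.PKCS1v15()) == pms

    results["known_key_with_ecdhe"] = known_key_vs_ecdhe(server_key)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The fingerprint comparison is what makes option B the inbound answer: the box never derives anything from a CA here, it simply recognises its own server's certificate and already holds that server's key. The re-sign path needs the internal clients to trust the uploaded CA, and the ECDHE function shows why known-key decryption is tied to RSA key exchange rather than to holding the key alone.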