Which statement about decrypting traffic on the Cisco Firepower Appliance is true?
A. The Decrypt-Resign option can be used with a well-known/public PKI.
B. Using the Decrypt-Known Key option requires that you upload the public/private key pair from servers to the appliance.
C. The Decrypt-Known Key option requires only that the public key be uploaded to the appliance.
D. The Decrypt-Resign option cannot be used with a local PKI.
Correct is A.
behrouz hemmati is correct. B should be the chosen option.
CM
To use known key decryption, you must upload the server’s certificate and key as an internal identity certificate, and then add it to the list of known-key certificates in the SSL decryption policy settings.
Correct Answer is “B”