Workaround to Replace SSL Certificate on Cisco FTDv via Cisco FMC

Caparrelli Paolo | Cisco | 7 May 2025

This guide provides a detailed, technical walkthrough for replacing the SSL certificate on a Cisco Firepower Threat Defense Virtual (FTDv) device, using Cisco Firepower Management Center (FMC).

Prerequisites
Cisco FMC (Firepower Management Center)
Cisco FTDv (Firepower Threat Defense Virtual)
DigiCert-issued SSL certificate (or a certificate from your CA)
Corresponding private key
DigiCert Global Root G2 certificate (or the root certificate of your CA)
Generation tool: Certtools.netsec.us

Step 1: Generate PFX/P12 Certificate
Access Certtools.netsec.us.
Input the following elements in this exact sequence:
-----BEGIN PRIVATE KEY-----
(Your private key content)
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your DigiCert-issued certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(DigiCert Global Root G2 certificate)
-----END CERTIFICATE-----

Select PEM as the export format.
Click "Generate PKCS12 / PFX".
Download the generated certificate file and rename its extension to .pfx (e.g., ftdv_cert.pfx).
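The same PFX bundle can be built locally with openssl, so the private key never has to be pasted into a web tool. This is an added example, not part of the original guide: it assumes openssl is installed, the file names and the self-signed test CA are constructed stand-ins for the DigiCert root and the DigiCert-issued certificate, and the export password is the one the guide uses.

```shell
#!/bin/sh
# Added example, not part of the original guide: build the PKCS12/PFX bundle
# locally with openssl (assumed installed) instead of pasting the private key
# into a web tool. File names and the self-signed test CA are constructed here;
# the export password is the one the guide uses.
set -eu

# make_sample_inputs DIR: constructed throwaway root CA and a leaf cert it signs,
# standing in for the DigiCert root and the DigiCert-issued FTDv certificate.
make_sample_inputs() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test Root" \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ftdv.example.test" \
    -keyout "$1/ftdv.key" -out "$1/ftdv.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$1/ftdv.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
    -CAcreateserial -out "$1/ftdv.crt" 2>/dev/null
}

# key_matches_cert KEY CERT: a key that does not belong to the certificate is the
# most common cause of a bundle FMC will not accept; compare public keys first.
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# build_pfx KEY LEAF CHAIN OUT PASSWORD: key + leaf + CA chain, the same three
# PEM blocks the guide has you paste, exported as one password-protected PKCS12.
build_pfx() {
  key_matches_cert "$1" "$2" || { echo "private key does not match certificate" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" -name ftdv-ssl \
    -passout "pass:$5" -out "$4"
}

# count_certs PFX PASSWORD: number of certificates readable with that password
# (2 expected here: leaf + root); a wrong password yields 0.
count_certs() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c "BEGIN CERTIFICATE" || true
}

WORK=$(mktemp -d)
make_sample_inputs "$WORK"
build_pfx "$WORK/ftdv.key" "$WORK/ftdv.crt" "$WORK/root.crt" "$WORK/ftdv_cert.pfx" Cisco123
echo "certificates in $WORK/ftdv_cert.pfx: $(count_certs "$WORK/ftdv_cert.pfx" Cisco123)"
```

For a real deployment, point build_pfx at your own key, leaf certificate and the DigiCert Global Root G2 file and upload the resulting .pfx in Step 2.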

Step 2: Import Certificate to Cisco FMC
Log in to the Cisco FMC web interface.
Navigate to: Devices → Certificates
Click "Add Certificate" and select "PKCS12 File".
Upload the previously generated .pfx file.
Enter the mandatory password: Cisco123
Complete the upload process and verify that the certificate was imported successfully.

Step 3: Configure a New Trustpoint in FMC
In FMC, navigate to: Devices → Certificates → Add New Trustpoint
Configure the following:
Trustpoint Name: Provide a meaningful identifier (e.g., DigiCert-FTDv-Trustpoint).
Associate the newly uploaded certificate.
CRITICAL: During trustpoint creation, ensure the option below is explicitly enabled to bypass CA checks:
☑ Skip Check for CA flag in basic constraints of the CA Certificate
Click "Save".

Step 4: Apply Trustpoint to Cisco FTDv Device
On FMC, navigate to: Devices → Device Management
Select your Cisco FTDv device and click "Edit".
Navigate to: Advanced → SSL Settings
From the dropdown menu, select your newly created trustpoint (e.g., DigiCert-FTDv-Trustpoint).
Click "Save", then deploy the configuration by clicking "Deploy" to push the changes.

Step 5: Verification
Restart your browser or use an incognito/private window.
Access your Cisco FTDv via HTTPS and confirm:
Certificate validity
Correct CA hierarchy and trust establishment, via the browser's security details

Troubleshooting Tips
If issues occur:
Verify the precise sequence of certificate/key insertion during PFX generation.
Confirm the .pfx file password (Cisco123).
Ensure the "Skip Check for CA flag" option is correctly enabled.
Always deploy changes via FMC after modifications.
Following these steps accurately will enable a seamless SSL certificate replacement on Cisco FTDv through Cisco FMC.  
