Disable Client Certificates In FMC

Well, recently I ran into an issue inside our lab environment when I was testing a few things. I was enabling and disabling different things inside the Firepower Management Center to see what they would do (as you do), and I enabled Client Certificates under the HTTPS menu… after I clicked save I lost all connectivity to the web console.

Unfortunately… because I lost access to the web console… I can’t disable the option from the web console… So this is how you disable it.

Step 1 SSH to the CLI of the Firepower Management Center as the admin user

Step 2
> expert
admin@fmc:~$ sudo -i
root@fmc:~# cd /etc/httpd/
root@fmc:/etc/httpd# vi ssl_certificates.conf

Step 3 The ssl_certificates.conf file will look like the following:
### This configuration file was generated from a template - /var/sf/htdocs/templates/html_templates/stig/ssl_certificates.conf.tt
SSLCertificateFile /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/server.key
<Location />
SSLVerifyClient required
</Location>
SSLOCSPEnable on

We want to change SSLVerifyClient from required to none:
### This configuration file was generated from a template - /var/sf/htdocs/templates/html_templates/stig/ssl_certificates.conf.tt
SSLCertificateFile /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/server.key
<Location />
SSLVerifyClient none
</Location>
SSLOCSPEnable on

Step 4 Now we need to restart the FMC web GUI (faster than rebooting the whole server)
root@fmc:~# pmtool restartbytype gui
Give it a few minutes, and the web GUI will be back online.
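
The edit from Steps 2 and 3 as a script, run as root from the expert shell, that backs up the file before changing it and checks the result. This is an added example, not part of the original post; the function name, backup suffix and script name are assumptions of the example.

```shell
#!/bin/sh
# Added example: the manual vi edit as a script, with a backup and a check.
# The function name and the .bak.<timestamp> suffix are choices made here.

# disable_client_cert_verify FILE
#   Sets every "SSLVerifyClient <value>" directive in FILE to "none" and
#   prints the path of the backup copy it made first.
disable_client_cert_verify() {
    conf=$1
    directive='^[[:space:]]*SSLVerifyClient[[:space:]]+'

    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Refuse to touch a file that has no SSLVerifyClient directive at all.
    grep -Eq "$directive" "$conf" || {
        echo "no SSLVerifyClient directive in $conf" >&2
        return 1
    }

    backup="$conf.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$conf" "$backup" || return 1

    # Rewrite only the directive's value; every other line is left alone.
    # Writing through the redirect keeps the file's owner and mode.
    sed -E "s/(${directive})[^[:space:]#]+/\\1none/" "$backup" > "$conf" || {
        cp -p "$backup" "$conf"
        return 1
    }

    # Verify: no directive may be left with a value other than "none".
    if grep -E "$directive" "$conf" |
       grep -Evq "${directive}none([[:space:]]|\$)"; then
        cp -p "$backup" "$conf"
        echo "edit failed, restored $backup" >&2
        return 1
    fi
    echo "$backup"
}

# Run as a script (fix.sh is a hypothetical name):
#   ./fix.sh /etc/httpd/ssl_certificates.conf
[ "$#" -eq 0 ] || disable_client_cert_verify "$1"
```

Restart the web GUI as in Step 4 afterwards. The file's header says it is generated from a template, so a hand edit may not survive if FMC regenerates the file (an assumption; the post does not say when that happens).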
