I have edited one of the Khawar FTD EVE-NG labs to be:
Lab Overview:
Firepower has a feature called SSL Decryption, which is used to decrypt encrypted traffic such as HTTPS by intercepting the traffic between client and server, so that Firepower can re-sign the server certificate with its own CA.
Lab prerequisites:
- Connect the FTD to the Internet and configure the G0/0 IP address as dynamic
- Configure PAT and an Access Control Policy (ACP)
- Configure a CA server on the management side (192.168.100.5), used to download the root CA and to sign the Firepower CSR
Lab Steps:
1- Download the root CA certificate from the CA server and import it into FMC via
Object > PKI > Trusted CA
2- Generate a CSR from FMC (Object > PKI > Internal CA) and copy/paste it into the CA server, choosing the Subordinate Certification Authority option. Sign it, then return to the same CSR page to install the signed certificate.
3- Configure an SSL policy to decrypt HTTPS (port 443), as an example:
Go to Policies > SSL Policy > Rule
On the same SSL Policy page you need to push the FMC certificate from Trusted CA
4- Reference the SSL policy from the ACP, then apply
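As an added example (not part of the original post), here is the OpenSSL equivalent of what the CA server does in step 2: a lab root CA stands in for the CA server, a CSR stands in for the one FMC generates under Internal CA, and the same CSR is signed once like an ordinary server certificate and once with the Subordinate CA template. It assumes openssl is installed; all names, subjects and paths are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Mirrors step 2 of the lab with OpenSSL
# and shows why the CSR must be signed as a Subordinate CA, not as a server cert.
# All subjects, file names and paths below are constructed for this example.
set -e
WORK=$(mktemp -d)

cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = LAB-ROOT-CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_subca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign,digitalSignature
EOF

# 1. Lab root CA (this is the ROOT CA you import under Object > PKI > Trusted CA)
openssl req -x509 -new -config "$WORK/ca.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
  -sha256 -days 3650 -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null

# 2. CSR standing in for the one FMC generates under Object > PKI > Internal CA
openssl req -new -config "$WORK/ca.cnf" -subj "/CN=FTD-INTERNAL-CA" -newkey rsa:2048 \
  -nodes -sha256 -keyout "$WORK/ftd.key" -out "$WORK/ftd.csr" 2>/dev/null

# 3a. Signed like an ordinary server cert: no CA:TRUE, so FTD could not re-sign with it
openssl x509 -req -in "$WORK/ftd.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
  -CAcreateserial -days 365 -sha256 -out "$WORK/ftd-server.crt" 2>/dev/null

# 3b. Signed with the Subordinate CA template: this is what goes back into the CSR page
openssl x509 -req -in "$WORK/ftd.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
  -CAcreateserial -days 365 -sha256 -extfile "$WORK/ca.cnf" -extensions v3_subca \
  -out "$WORK/ftd-subca.crt" 2>/dev/null

# Prints "ok" if the cert chains to the lab root AND is allowed to sign certificates
check_subca() {
  openssl verify -CAfile "$WORK/root.crt" "$1" >/dev/null 2>&1 || { echo fail; return 0; }
  openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' || { echo fail; return 0; }
  openssl x509 -in "$1" -noout -text | grep -q 'Certificate Sign' || { echo fail; return 0; }
  echo ok
}

check_subca "$WORK/ftd-subca.crt"    # ok
check_subca "$WORK/ftd-server.crt"   # fail
```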
Result:
NOTE: There is a difference between SSL decryption and SSL offloading.
SSL decryption: decrypts the traffic in order to inspect the content, then re-encrypts it
SSL offloading: removes the encryption, e.g. HTTPS -> HTTP
I hope this helps
Thanks
Abdulfattah