cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AMD SSL status alert: percentage of SSL errors going up

kevin_liu1
Guide

just noticed this morning our CAS system status is red, mainly due to AMD SSL Status is alerting that percentage of SSL errors since last night: 100. this is the first time we've seen this error, what caused this and what's the 1st step to troubleshoot. we're using DCRUM 12.2 and AMD 12.2.1.137

5 REPLIES 5

Adam_Tryba
Dynatrace Advisor
Dynatrace Advisor

What is the 'decoding' type? SSL Card or Open SSL?

What is the output of following command, executed on the AMD

rcmd show ssldecr status

cosmin_gherghel
Dynatrace Pro
Dynatrace Pro

Hi Kevin,

Do you have SSL keys installed on the AMD to be able to decrypt the traffic?

There is quite a bit of documentation around SSL but first steps are to check if SSL keys are installed and if they match the monitored traffic.

You can do this by using executing "rcmd show ssldecr keys" to view the status of any configured SSL keys.

https://community.dynatrace.com/community/display/...

https://community.dynatrace.com/community/display/...

Thanks,

Cosmin

renato_puccini2
Inactive

If there was a change on the traffic encryption, I would recommend you to check out about Diffie-Hellman.

matthew_eisengr
Inactive

Having a similar issue with 3 of 4 AMDs.

Using OpenSSL on all of them.

No software services using SSL decrypted analyser.

Adam, I ran the 'rcmd show ssldecr status' on one of them and have attached the output. Any ideas?ssldecr-status.txt

Erik_Soderquist
Dynatrace Pro
Dynatrace Pro

from the attach ssldecr_show_status details,

Finished sessions not decrypted=7564 (100% of all finished sessions)
with no private key found=7550 (new sessions=7550 reused sessions=0)

most likely the server being monitored had the SSL cert/key updated or renewed, and now the AMD's key for it is out of date

-- Erik