Yet another rookie question :). I have a server that is using a key that contains an unsupported cipher for DCRUM. I can see this by typing in show ssldecr status (IPAddress). However, I can't tell what key this server is using. I have several keys being used. Is there a command that would show me the key name? When looking at "show ssldecr servers" it just shows certs seen: 0, keys used: 0, status unknown.
I believe this is because of the unsupported cipher. Not sure though.
Thanks for your help,
SHOW SSLDECR SERVERS should provide the answer in this case. It'll list which key has matched against which server IP.
However, it's generally not the key* that's the problem with regard to unsupported ciphers - they're negotiated live between the server and client during the SSL handshake.
To identify which servers are using unsupported ciphers (I hope you have 12.4.5+), the SSL diagnostics reports will tell you which ciphers are being used by user/server.
*Having said that, DH- or EC-signed keys are now becoming more prevalent. If the server private key is a DH/EC key, then the AMD will fail to load it at start-up and will show in the SHOW SSLDECR KEYS command as being wrong; we can only work with RSA keys.
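The answer above makes two separate points: the cipher is negotiated in the handshake, so a "wrong" cipher is a server/client configuration matter rather than a key matter, and the key itself only helps if it is RSA. The script below is an added example, not code from the thread or from DC RUM, that lets you check both offline before touching the AMD: it classifies a cipher suite name (OpenSSL or IANA style, which is an assumption about what the SSL diagnostics report or an openssl s_client run shows you) by its key-exchange method, and it reads a PEM private key far enough to say whether it is RSA. Passive decryption with a server key can only work for a plain RSA key exchange; DHE/ECDHE and all TLS 1.3 suites derive the session key from ephemeral values, so no server key will ever decrypt them. The PKCS#8 PEM samples at the bottom are constructed shells with a dummy key body (structure only, not usable keys) so the example runs without any real key material; the output format of the AMD's own show ssldecr commands is not parsed because it is not shown on this page.

```python
"""Triage "unsupported cipher" reports: is it the handshake, or is it the key?"""
import base64
import re

# Algorithm OIDs seen in a PKCS#8 AlgorithmIdentifier (dotted form after decoding).
_OIDS = {
    "1.2.840.113549.1.1.1": "rsa",     # rsaEncryption
    "1.2.840.10045.2.1": "ec",         # id-ecPublicKey
    "1.2.840.113549.1.3.1": "dh",      # dhKeyAgreement
    "1.2.840.10040.4.1": "dsa",        # id-dsa
    "1.3.101.110": "x25519",
    "1.3.101.112": "ed25519",
}


def key_exchange(suite: str) -> str:
    """Classify an OpenSSL- or IANA-style cipher suite name by its key exchange."""
    s = suite.upper()
    if s.startswith("TLS_AES_") or s.startswith("TLS_CHACHA20_"):
        return "ephemeral"          # TLS 1.3: always (EC)DHE, never decryptable with a static key
    if "ADH" in s or "AECDH" in s or "ANON" in s:
        return "anonymous"          # no server authentication at all
    if "ECDHE" in s or "DHE" in s or "EDH" in s:
        return "ephemeral"          # ECDHE-RSA-..., DHE-RSA-..., EDH-RSA-..., TLS_DHE_RSA_...
    if "ECDH" in s:
        return "static-ecdh"        # needs the server's EC key; not an RSA key exchange
    if "PSK" in s or "SRP" in s or "KRB5" in s:
        return "other"              # the server key alone is not enough even if RSA is involved
    if s.startswith("TLS_RSA_") or re.match(r"^(AES|DES|RC4|CAMELLIA|SEED|IDEA|NULL|EXP)", s):
        return "rsa"                # TLS_RSA_WITH_..., AES128-SHA, DES-CBC3-SHA, RC4-SHA, ...
    return "unknown"


def _der(buf: bytes, pos: int):
    """Read one DER TLV at pos; return (tag, value bytes, position after the TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _oid(body: bytes) -> str:
    """Decode DER OID contents into dotted form (base-128 sub-identifiers)."""
    parts, val = [str(body[0] // 40), str(body[0] % 40)], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(val))
            val = 0
    return ".".join(parts)


def key_type(pem: str) -> str:
    """Algorithm of a PEM private key: rsa, ec, dsa, dh, x25519, ed25519, encrypted or unknown."""
    m = re.search(r"-----BEGIN ([A-Z ]*?)PRIVATE KEY-----(.*?)-----END", pem, re.S)
    if not m:
        return "unknown"
    label, body = m.group(1).strip(), m.group(2)
    if label in ("RSA", "EC", "DSA"):           # traditional OpenSSL labels name the algorithm
        return label.lower()
    if label == "ENCRYPTED":
        return "encrypted"                      # PKCS#8 encrypted: decrypt first, then re-check
    if label:
        return "unknown"                        # e.g. OPENSSH, not a format handled here
    der = base64.b64decode("".join(body.split()))
    tag, pki, _ = _der(der, 0)                  # PrivateKeyInfo SEQUENCE
    if tag != 0x30:
        return "unknown"
    _, _, pos = _der(pki, 0)                    # version INTEGER
    _, algid, _ = _der(pki, pos)                # privateKeyAlgorithm AlgorithmIdentifier
    tag, oid, _ = _der(algid, 0)                # algorithm OID
    return _OIDS.get(_oid(oid), "unknown") if tag == 0x06 else "unknown"


def passively_decryptable(suite: str, pem: str) -> bool:
    """Only an RSA key exchange with an RSA server key can be decrypted from a capture."""
    return key_exchange(suite) == "rsa" and key_type(pem) == "rsa"


def triage(observed, pem: str) -> dict:
    """Map each (server, negotiated suite) pair to whether this key can ever decrypt it."""
    return {server: passively_decryptable(suite, pem) for server, suite in observed}


# --- constructed samples (hypothetical): PKCS#8 shells with a dummy key body, not real keys ---
def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag, len(body)]) + body       # short-form length suffices for these samples


def _pkcs8(alg_id: bytes) -> str:
    der = _tlv(0x30, _tlv(0x02, b"\x00") + alg_id + _tlv(0x04, b"\x00"))
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN PRIVATE KEY-----\n" + b64 + "\n-----END PRIVATE KEY-----\n"


RSA_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1
EC_OID = bytes.fromhex("2a8648ce3d0201")        # 1.2.840.10045.2.1
P256_OID = bytes.fromhex("2a8648ce3d030107")    # 1.2.840.10045.3.1.7
SAMPLE_RSA_PEM = _pkcs8(_tlv(0x30, _tlv(0x06, RSA_OID) + _tlv(0x05, b"")))
SAMPLE_EC_PEM = _pkcs8(_tlv(0x30, _tlv(0x06, EC_OID) + _tlv(0x06, P256_OID)))

if __name__ == "__main__":
    # Constructed (server, suite) pairs standing in for what a diagnostics report would list.
    observed = [("10.0.0.1", "AES128-SHA"),
                ("10.0.0.2", "ECDHE-RSA-AES128-GCM-SHA256"),
                ("10.0.0.3", "TLS_AES_256_GCM_SHA384")]
    print("key type:", key_type(SAMPLE_RSA_PEM))
    for server, ok in triage(observed, SAMPLE_RSA_PEM).items():
        print(server, "decryptable" if ok else "NOT decryptable with a static key")
```

If key_type reports anything other than rsa, the key is the problem and SHOW SSLDECR KEYS will flag it, as the answer says; if the key is RSA but key_exchange reports ephemeral for a server, no key swap will help and the fix is on the server's cipher configuration (or in the client-side SSL policy) instead.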