
How to tell what key a server is using?

tdavison2
Organizer

Hello,

Yet another rookie question :). I have a server that is using a key that contains an unsupported cipher for DCRUM. I can see this by typing in show ssldecr status (IPAddress). However, I can't tell what key this server is using. I have several keys being used. Is there a command that would show me the key name? When looking at "Show ssldecr servers" it just shows certs seen: 0, keys used: 0, status unknown>

I believe this is because of the unsupported cipher. Not sure though.

Thanks for your help,
Tom

3 REPLIES 3

wojciech_kurek
Inactive

Tom,

If you're using AMD Classic, you may use the show ssldecr servers RCON command. It will show the relationship between servers and keys on your AMD.

Wojtek.

Babar_Qayyum
Leader

Hello Tom,

Check the below useful commands.

  • SHOW SSLDECR CERTS
  • SHOW SSLDECR CIPHERS
  • SHOW SSLDECR KEYS
  • SHOW SSLDECR SERVERS
  • SHOW SSLDECR STATUS

Regards,

Babar

SHOW SSLDECR SERVERS should provide the answer in this case. It'll list which key has matched against which server IP.

However, it's generally not the key* that's the problem with regard to unsupported ciphers - they're negotiated live between the server and client during the SSL handshake.

To identify which servers are using unsupported ciphers - hope you have 12.4.5+ - the SSL diagnostics reports will tell you which ciphers are being used by user/server.

*Having said that, now DH or EC signed keys are becoming more prevalent. If the server private key is a DH/EC key then the AMD will fail to load it at start up - and will show in the SHOW SSLDECR KEYS command as being wrong - we can only work with RSA keys.
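
The last reply says the AMD can only load RSA private keys, and the original question is which of several keys belongs to a server. As an added example (not from the thread and not part of DCRUM), the sketch below uses only the openssl CLI to classify PEM key files and to find the key whose public half matches a server certificate saved to a file; all file names are assumptions.

```shell
#!/bin/sh
# Added example: offline pre-check of candidate key files with the openssl CLI.
# Assumes unencrypted PEM keys; an encrypted or unreadable key reports OTHER.

# key_algo KEY.pem -> prints RSA, EC or OTHER
key_algo() {
    if openssl rsa -in "$1" -noout -passin pass: >/dev/null 2>&1; then
        echo RSA
    elif openssl ec -in "$1" -noout -passin pass: >/dev/null 2>&1; then
        echo EC
    else
        echo OTHER
    fi
}

# find_key_for_cert CERT.pem KEY.pem... -> prints each key file whose public
# key equals the one in the certificate, with its algorithm in parentheses
find_key_for_cert() {
    cert=$1
    shift
    # Public key of the certificate as a PEM SubjectPublicKeyInfo block
    want=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    for k in "$@"; do
        # Public half of the candidate private key in the same PEM form
        have=$(openssl pkey -in "$k" -pubout -passin pass: 2>/dev/null)
        # Require non-empty output so two unreadable files never "match"
        [ -n "$want" ] && [ "$have" = "$want" ] && echo "$k ($(key_algo "$k"))"
    done
    return 0
}
```

A key reported as EC or OTHER here is one to look at first when SHOW SSLDECR KEYS marks a key as wrong.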