Hi all, I've received a key with the format .pem and I want to install and configure it on the AMD machine.
I read many instructions in the 'DCRUM 12.3' docs, but I can't really understand how I can do it.
I added this line to rtm.config: "server.key.dir=/usr/adlex/config/keys/"
After this, I don't know how to go on... a little help please!
A *.PEM file is the certificate, not the key! You'll need the *.KEY file if you want to read the traffic.
Once you have the *.KEY file, add it to the /usr/adlex/config/keys/ folder, then create or edit the keylist file, which must be located in /usr/adlex/config/keys/, as follows:
file,nameofyourkey.key,comment (name of the application for instance)
Save the file and restart your AMD: ndstop && ndstart
You can then check the key using the following command:
rcmd 'show ssldecr keys'
It should say "MATCHED" on the key line
You can check if your traffic is read using this command:
rcmd 'show ssldecr status yourserverIP'
Here is an example:
"read" means the AMD was able to read in and load the key at startup, "matched" means the AMD has seen a certificate in the traffic that matches the key and is able to decrypt traffic using the matching certificate and supported ciphers.
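A pre-flight check for the keylist procedure above, run before `ndstop && ndstart`; this is an added example, not part of the original posts or of DC RUM. It assumes key files are PEM text and that `#` lines in keylist can be skipped; `check_keylist` and its messages are hypothetical names.

```shell
#!/bin/sh
# Added example: verify every "file,<name>,<comment>" entry in keylist.
# Assumptions (not from the thread): keys are PEM text, '#' starts a comment.

check_keylist() {
    dir=${1:-/usr/adlex/config/keys}
    list="$dir/keylist"
    problems=0
    [ -r "$list" ] || { echo "missing or unreadable: $list"; return 1; }

    # Split each line on commas; the third field keeps any further commas.
    while IFS=, read -r type name comment || [ -n "$type" ]; do
        case "$type" in ''|'#'*) continue ;; esac
        if [ "$type" != "file" ]; then
            echo "SKIP  $name: entry type '$type' not checked here"
            continue
        fi
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "FAIL  $name: listed in keylist but not present in $dir"
            problems=$((problems + 1))
        elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$path"; then
            # A decryption key should not be readable by every local user.
            if [ -n "$(find "$path" -perm -004)" ]; then
                echo "FAIL  $name: private key is world-readable"
                problems=$((problems + 1))
            else
                echo "OK    $name ($comment)"
            fi
        elif grep -q -e '-----BEGIN CERTIFICATE-----' "$path"; then
            echo "FAIL  $name: contains a certificate, not a private key"
            problems=$((problems + 1))
        else
            echo "FAIL  $name: no PEM private key header found"
            problems=$((problems + 1))
        fi
    done < "$list"

    echo "problems: $problems"
    [ "$problems" -eq 0 ]
}
```

Call `check_keylist` with no argument to check /usr/adlex/config/keys; a non-zero exit status means at least one entry would not load as a key.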
Thanks for your super fast response!
I have 167 keys all showing as read and zero matched
Keys total: 167, ok: 167, failed: 0, matched: 0
I hope the reason for me seeing zero matched is probably that I am not getting any required traffic.
That's one possibility, but 167 keys with no matching traffic is quite a rare occurrence. Maybe you can pick a few server IPs and do a
rcmd show ssldecr status serverIP
The output will let us know if there is a problem with the decryption or if there was really no traffic...