
Is non-empty-output of 'ssldecr keys' a definite check for making sure the keys are loaded?

waikeat_chan
Mentor

Based on my discussion with other partners who are also using dcrum, it seems like sometimes, even if 'ssldecr keys' returned empty, the keys are somehow still loaded (verified by the population of HTTPS software service data in the dashboard).

If that's true, that would mean this command is useless, isn't it? Compare with 'show ssldecr keys' back then in classical AMD.

1 REPLY

john_leight
Dynatrace Pro

Just seeing an HTTPS software service in the dashboard does necessarily mean the key is loaded. If operations are seen, it could mean that HTTPS sessions are being reported. (Operations: handshakes/data exchange; Tasks: keys used; Modules: Ciphers used; Services: SSL version)

Verifying the key is used would mean sessions are decrypted and operations are reported in the operations list. Look for actual HTTP-type operations (https://domain/path/URL) showing up in the operations list. If http operations are reported, that would mean the key is loaded and used for decryption.

I've always been able to trust 'ssldecr keys' command in the console.