I have received the key from the AM team in .keystore format. Somehow I managed to convert it into .pem format, and it has been added to the AMD for decrypting the SSL traffic. But when I checked with the command below, it gives me nothing.
rcmd show ssldecr status xx.xx.xx.xx
I checked that this application is using DH key exchange, but I suppose the command should at least show me the cipher suite details that the application is using, because when I verified it for another application that is also using DH, it shows output like:
+ TLS1.0-RSA-RSA-AES-256-CBC-256-SHA ref=1
- TLS1.0-DH-RSA-AES-256-CBC-256-MD5 ref=12
- c014 ref=105874
- c028 ref=122180
- c030 ref=829715
Is it possible that the key I produced from the .keystore is wrong? Please guide.
Those unknown ones are mutations of DH as well:
c014 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
c028 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
c030 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
So you have only 1 session which is using a supported cipher.
To verify if the key is recognized please run:
show ssldecr status keys
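As an added example (not part of the original posts and not Dynatrace code), the Python below parses the status lines quoted in the question, resolves the bare hex IDs with the mapping given in this answer, and totals the ref counts by key exchange. Treating ref as a count and reading the key exchange from the second field of the AMD suite name are assumptions drawn from the sample output.

```python
import re

# IANA names for the hex IDs quoted in the thread (the answer's mapping).
IANA_NAMES = {
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

# Sample input: the status lines quoted in the question, embedded inline.
SAMPLE = """\
+ TLS1.0-RSA-RSA-AES-256-CBC-256-SHA ref=1
- TLS1.0-DH-RSA-AES-256-CBC-256-MD5 ref=12
- c014 ref=105874
- c028 ref=122180
- c030 ref=829715
"""

LINE_RE = re.compile(r"^([+-])\s+(\S+)\s+ref=(\d+)$")

def key_exchange(suite):
    """Return the key exchange of a suite given as an AMD name or a bare hex ID."""
    if re.fullmatch(r"[0-9a-fA-F]{4}", suite):
        name = IANA_NAMES.get(int(suite, 16))
        if name is None:
            return "unknown"
        # TLS_ECDHE_RSA_WITH_... -> ECDHE
        return name.split("_WITH_")[0].split("_")[1]
    parts = suite.split("-")
    # Assumption: TLS1.0-DH-RSA-... carries the key exchange in field 2.
    return parts[1] if len(parts) > 1 else "unknown"

def summarize(text):
    """Sum ref counts per key exchange; split RSA key exchange from the rest."""
    per_kx, rsa_kx, other_kx = {}, 0, 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines or anything that is not a status line
        _marker, suite, ref = m.groups()
        kx, ref = key_exchange(suite), int(ref)
        per_kx[kx] = per_kx.get(kx, 0) + ref
        # With RSA key exchange the server key decrypts the premaster secret;
        # with (EC)DHE it only signs the handshake, so the key alone is no help.
        if kx == "RSA":
            rsa_kx += ref
        else:
            other_kx += ref
    return per_kx, rsa_kx, other_kx
```

Calling `summarize(SAMPLE)` returns the per-key-exchange totals followed by the RSA and non-RSA counts, which makes it easy to see how much of the observed traffic a correct private key could cover at all.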
Thanks for your comment, but the key in question is showing only read, not matched.
And of course it will show only read, as the application uses DH, but I suspect the key extracted from the original .keystore is not correct.
Is there any way to validate the .pem key?