cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Why there is no https traffic in Application Traffic Categories

Hi

After creating http based software services, I'm need, for the first time, to create Software Service base on https traffic, but I can't find in the Application Traffic Categories window any https traffic

Just the ssl traffic is shown

I tried to add keys (pem files) to the AMD as described here: RSA Private Keys but still there is no https traffic....

What do I miss here?

can any one advise?

Thanks in advance

Yos

10 REPLIES 10

thun
Advisor

Hi Yos,

did you add the private Key to the keylist on the AMD? Did you restart the kpa service and start kpadmin to enter the password? This needs to be done after every restart of the AMD.

On the AMD you could open the rcon and perform the command "show ssldecr status" and "show ssldecr keys" this should give you some additional information.

Friederike

Hi Friederike

I had the keys placed and the keylist file update.

I didn't know about the kpa .....

But, there is always but ,the kpadmin didn't find any keys

any suggestion?

Yos

OK

After reading the documentation I see that I need to restart the kpa daemon before using the kpadmin, But I can't find anywhere how to do this...

Can anyone help?

Yos

found it in /etc/rc/s/init.d

and the command is: service kpa restart

That is exactly what I wanted to say. Use

service kpa restart

and afterwards

kpadmin

Here you should provide the password for the private key.

You can check if the key is loaded successfully with

rcon -> show ssldecr keys

It should look like in the attached screenshot

OK!

Now I also have one key 🙂 on the AMD

but after ndstop and and ndstart there is still no https traffic 😞

What do I miss now?

matt_lewis
Dynatrace Advisor
Dynatrace Advisor

Yosi,

Do you know the IP address for the server(s) that you want to add as HTTPS? I would try checking to see if they are in the SSL category, as maybe the AMD didn't like something it saw with the HTTPS traffic, and dumped it in the SSL traffic category. Alternatively, it could now be showing up under the HTTP category as well. If it is in none of those locations, then it could be under the 'Application Overview' tab, in the 'Servers' report as unknown TCP traffic.

Granted, all this is only possible if you know the IP address you want to look for. 😉

-Matt Lewis

Hi Matt

Yes I know the server and client ip's and they both shown in the the ssl traffic part.

But I can't see any operations on them after creating a software service on the server under ssl analyzer....

I think that the cause of that connect to the certificate the security guys gave me. They using IBM certificate and when I asked for pem file they made up a different key and its not the one they are using in the application. I will check this out and come back with update.

Thanks allot

Yos

Hi Yosi,

it seems that the key is not matching like we can see in your screenshot of the rcon.

We had seen some problems with a none matching hostname in many projects. Maybe that is a hint for the server guys.

Good Luck!

Hi Friederika

OK, I can see the different (read vs matched).

I will talk with the security guys.

You were a guiding angel for me in this case.

Thank you so much

Bye till next time 😉

Yos!