After creating http based software services, I'm need, for the first time, to create Software Service base on https traffic, but I can't find in the Application Traffic Categories window any https traffic
Just the ssl traffic is shown
I tried to add keys (pem files) to the AMD as described here: RSA Private Keys but still there is no https traffic....
What do I miss here?
can any one advise?
Thanks in advance
did you add the private Key to the keylist on the AMD? Did you restart the kpa service and start kpadmin to enter the password? This needs to be done after every restart of the AMD.
On the AMD you could open the rcon and perform the command "show ssldecr status" and "show ssldecr keys" this should give you some additional information.
I had the keys placed and the keylist file update.
I didn't know about the kpa .....
But, there is always but ,the kpadmin didn't find any keys
That is exactly what I wanted to say. Use
service kpa restart
Here you should provide the password for the private key.
You can check if the key is loaded successfully with
rcon -> show ssldecr keys
It should look like in the attached screenshot
Now I also have one key 🙂 on the AMD
but after ndstop and and ndstart there is still no https traffic 😞
What do I miss now?
Do you know the IP address for the server(s) that you want to add as HTTPS? I would try checking to see if they are in the SSL category, as maybe the AMD didn't like something it saw with the HTTPS traffic, and dumped it in the SSL traffic category. Alternatively, it could now be showing up under the HTTP category as well. If it is in none of those locations, then it could be under the 'Application Overview' tab, in the 'Servers' report as unknown TCP traffic.
Granted, all this is only possible if you know the IP address you want to look for. 😉
Yes I know the server and client ip's and they both shown in the the ssl traffic part.
But I can't see any operations on them after creating a software service on the server under ssl analyzer....
I think that the cause of that connect to the certificate the security guys gave me. They using IBM certificate and when I asked for pem file they made up a different key and its not the one they are using in the application. I will check this out and come back with update.
OK, I can see the different (read vs matched).
I will talk with the security guys.
You were a guiding angel for me in this case.
Thank you so much
Bye till next time 😉