How to view the SSL certificates in user traffic?


I'd like to extract a view of the ssl certificates that are being used for all sessions passing an AMD. Presumably this cert is recorded by default, however I am presently unclear as to how I can extract/view them.


If you mean saving the public SSL key exchanged in the traffic, you can do it with the following command in the rcon console:

ssldecr certs "/var/tmp"

The output should be similar to:

>$ Wrote 1129 bytes to /var/tmp/cert_10.1.1.1:443_1.der.
1 certificates dumped.

10.1.1.1 of course is an example of SSL server IP.

Thanks Adam.

What I am wanting to do is to have a record of all SSL certs used in all SSL session traffic, to which I can later drill back into. As such I need to keep not only each particular cert, but also the date and time I saw it, the source and destination IP, ports, etc. I have seen how to do this on other APM tools but am just yet to see how it would be done in this particular application.

I am assuming there will be some kind of DMI report I can run that could recover this information for me?


That information is not kept as part of the data we process/store. It's only available on the AMD while it is running (i.e. it's lost over restarts). (so there'll be no DMI for this)

If you're handy with shell scripts, you could write something up to regularly dump the contents of

rcmd show ssldecr certs 

to files, then process those.
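
One way to do the "dump to files, then process those" step suggested above, as an added example that is not part of the original thread: a POSIX shell function that inventories the .der files written by ssldecr certs. It assumes the cert_<ip>:<port>_<n>.der naming shown earlier, that sha256sum is available, and that the dump itself is triggered separately; the function name, CSV layout and paths are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: inventory the files written by
#   ssldecr certs "<dir>"
# Assumes the naming shown in the thread: cert_<server-ip>:<port>_<n>.der
# CSV columns (constructed for this example):
#   first_recorded_utc,server_ip,port,sha256_of_der,archived_file
# The timestamp is when this script first saw the certificate in a dump,
# not when the handshake happened on the wire.

record_certs() {
    dump_dir=$1 archive_dir=$2 inventory=$3
    new=0
    mkdir -p "$archive_dir" || return 1
    touch "$inventory" || return 1
    for f in "$dump_dir"/cert_*.der; do
        [ -f "$f" ] || continue               # glob matched nothing
        name=${f##*/}; name=${name#cert_}; name=${name%.der}
        endpoint=${name%_*}                   # strip trailing _<n>
        ip=${endpoint%:*}                     # split on the last colon
        port=${endpoint##*:}
        case $port in
            ''|*[!0-9]*) echo "skipping unexpected name: $f" >&2; continue ;;
        esac
        # SHA-256 over the DER bytes is the certificate fingerprint.
        fp=$(sha256sum "$f" | cut -d' ' -f1)
        # Same endpoint and certificate already recorded: nothing to do.
        if grep -qF -- ",$ip,$port,$fp," "$inventory"; then continue; fi
        # Keep one copy per distinct certificate, named by fingerprint.
        [ -f "$archive_dir/$fp.der" ] || cp "$f" "$archive_dir/$fp.der"
        printf '%s,%s,%s,%s,%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
            "$ip" "$port" "$fp" "$fp.der" >> "$inventory"
        new=$((new + 1))
    done
    echo "$new"                               # number of new inventory rows
}

# Usage: sh record_certs.sh /var/tmp /var/tmp/cert-archive /var/tmp/certs.csv
if [ "$#" -eq 3 ]; then record_certs "$@"; fi
```

Because the AMD loses this data over restarts, the inventory only covers certificates present at the moments a dump was taken. An archived file can be inspected with openssl x509 -inform der -in <file> -noout -text.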

So how about making a DMI report with SSL handshakes > 0 and Client/Server IPs and Time dimensions?

This should give you an overview of which client-server pairs established SSL sessions and when, which should cover exchanging certs ...

Adam, Chris, thanks for your input. I will take this back and see what we can work out. Not familiar with rcmd at this point, so will need to do some digging on that front. If I can tie that together with what Adam suggests then perhaps I will get closer to what I need...