PacketWise can classify SSL traffic by certificate, allowing you to classify and control P2P traffic that is using SSL.
The class criteria commands are useful for determining the SSL certificate common name.
1. Use the class criteria track command to identify the certificate common names used in the SSL traffic. For example:
    class criteria track /inbound/ssl SSL commonName
2. After allowing a period of time for SSL traffic to be generated, use the class criteria recent command to show recent values for a class. For example:
    class criteria recent /inbound/ssl
    Class: /Inbound/SSL
    Application: SSL
    Attribute: commonName (Common Name)
    Recent Attribute Values (most recent first)
    -------------------------------------------------------------------------
    1. my.loud.pc
    2. www.redhat.com
    3. optionslink.etrade.com
    4. trades1.optionslink.com
    5. onlineca.bankofamerica.com
    6. onlineid.bankofamerica.com
3. Turn off tracking when you are done. For example:
    class criteria track /inbound/ssl off
Once you have determined the certificate common name, you can create a class for this type of SSL traffic. Create a class based on the SSL service, choose Common Name in the Criterion field, and enter the certificate common name exactly as it appeared in the output of the class criteria recent command.
For more information, see class criteria in PacketGuide.
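The following is an added example, not part of the PacketWise documentation: a Python parser for saved class criteria recent output that keeps each common name verbatim (the class criterion needs the exact string) and lists the names not yet accounted for. The function names and the allowlist of known domains are assumptions made for illustration; the sample input is the output shown above.

```python
import re

# Constructed sample: the `class criteria recent` output shown on this page.
SAMPLE = """\
Class: /Inbound/SSL
Application: SSL
Attribute: commonName (Common Name)
Recent Attribute Values (most recent first)
-------------------------------------------------------------------------
1. my.loud.pc
2. www.redhat.com
3. optionslink.etrade.com
4. trades1.optionslink.com
5. onlineca.bankofamerica.com
6. onlineid.bankofamerica.com
"""

HEADER = re.compile(r"^(Class|Application|Attribute):\s*(.+?)\s*$")
VALUE = re.compile(r"^\s*\d+\.\s+(\S.*?)\s*$")

def parse_recent(text):
    """Return (header fields, values in listed order) from captured output."""
    header, values, in_values = {}, [], False
    for line in text.splitlines():
        if line.startswith("Recent Attribute Values"):
            in_values = True
        elif not in_values and (m := HEADER.match(line)):
            header[m.group(1).lower()] = m.group(2)
        elif in_values and (m := VALUE.match(line)):
            values.append(m.group(1))  # verbatim: the criterion needs the exact string
    return header, values

def unreviewed(values, known_suffixes):
    """Distinct common names not under any domain the operator already recognises."""
    def covered(cn):
        return any(cn.lower() == s or cn.lower().endswith("." + s) for s in known_suffixes)
    return [cn for cn in dict.fromkeys(values) if not covered(cn)]

if __name__ == "__main__":
    header, names = parse_recent(SAMPLE)
    # Hypothetical allowlist of domains the operator has already accounted for.
    known = {"redhat.com", "etrade.com", "bankofamerica.com"}
    print(header["class"], header["attribute"])
    for cn in unreviewed(names, known):
        print("review, then enter exactly as shown:", cn)
```

Names that remain after filtering are the ones to examine before creating a class with the Common Name criterion.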