CLI command for known certificates and keys information

Article ID: 238757

Products

SSL Visibility Appliance Software

Issue/Introduction

CLI command for known certificates and keys information

Environment

Release: 4.5.6.1

Resolution

To view all learned certificates/keys on the Symantec SSL Visibility appliance, use the CLI command shown below.

admin> segment learned-cert-cache show all

See the snippet below for further guidance.

The output will show the confidence level key and status of the certificate. The expiration date will not be shown.

To access the "admin>" command mode, use the CLI command below.

sslv# cld

Note:

For imported certificates, there is no CLI command available in the SSLV to show information such as the sni-name, SHA value, expiration date, etc. This has been fully validated by the Advanced Engineering team as well. These details are viewable in the session logs, with the exception of the expiry date. The validity can be seen by inspecting the SSL certificate from the PCAP. See a sample snippet below for checking the validity of an SSL certificate in Wireshark.
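As a scripted alternative to reading the validity in Wireshark, the following added example (not part of the original article and not Broadcom code) extracts notBefore/notAfter from a certificate taken out of a capture. It assumes the certificate was saved from the PCAP as a DER file (for example with Wireshark's Export Packet Bytes); the function names and the sample certificate skeleton are constructed for illustration.

```python
from datetime import datetime, timezone

def read_tlv(buf, off):
    """Return (tag, value_bytes, next_offset) for the DER element at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def parse_time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) into an aware datetime."""
    text = raw.decode("ascii")
    if tag == 0x17:                        # RFC 5280 pivot: YY >= 50 means 19YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    elif tag != 0x18:
        raise ValueError("validity field is not a time type")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def cert_validity(der):
    """Return (not_before, not_after) from a DER-encoded X.509 certificate."""
    _, cert, _ = read_tlv(der, 0)          # contents of the Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)          # contents of tbsCertificate
    tag, _, nxt = read_tlv(tbs, 0)
    off = nxt if tag == 0xA0 else 0        # skip the optional [0] version field
    for _ in range(3):                     # serialNumber, signature, issuer
        _, _, off = read_tlv(tbs, off)
    tag, validity, _ = read_tlv(tbs, off)
    if tag != 0x30:
        raise ValueError("Validity SEQUENCE not found")
    t1, v1, nxt = read_tlv(validity, 0)
    t2, v2, _ = read_tlv(validity, nxt)
    return parse_time(t1, v1), parse_time(t2, v2)

def tlv(tag, body):                        # small DER encoder, used only to build the sample
    n = len(body)
    ln = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + ln + body

# Constructed certificate skeleton (placeholder fields, not a real certificate).
SAMPLE_DER = tlv(0x30, tlv(0x30,
    tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") +   # version v3, serialNumber
    tlv(0x30, b"") + tlv(0x30, b"") +                      # signature, issuer
    tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x18, b"20500101000000Z")) +
    tlv(0x30, b"") + tlv(0x30, b"\x00" * 140)))            # subject, public key filler

if __name__ == "__main__":
    not_before, not_after = cert_validity(SAMPLE_DER)
    print("notBefore:", not_before.isoformat(), "notAfter:", not_after.isoformat())
```

For a certificate exported from a capture, pass the file contents instead of SAMPLE_DER, for example `cert_validity(open("cert.der", "rb").read())`, where `cert.der` is a hypothetical file name.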

To access the session log details, refer to the guidance in the tech doc at the URL below.

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/ssl-visibility/5-2/sslv_overview/UI_Overview/monitor_menu/ssl_session_log.html