Value of the x509 certificates within the SSL Session Log exports
Article ID: 246080
Updated On:
Products
SSL Visibility Appliance Software
Issue/Introduction
When debugging SSL sessions on the SSL Visibility Appliance you may need to export the SSL Session logs. When reviewing the exported SSL Session logs there is a field called debug. This field contains information regarding the SSL parameters for a SSL flow. Information contained in this can assist with troubleshooting why a SSL flow may not be getting decrypted. Within this debug field there is a parameter called x509. This parameter will offer an explanation of certificate status for the flow. This information can be critical in troubleshooting.
Environment
SSL Visibility Software code 4.x and above.
Resolution
The following are the values that may be provided for x509 certificates within the debug field of an exported SSL session log.
| Status | Description |
| V | Valid |
| II | Invalid Issuer |
| IS | Invalid Signature |
| EX | Expired |
| NY | Not Valid Yet |
| SS | Self-Signed |
| R | Revoked |
| WK | Weak key (RSA key <=512 bits |
| IC | Incomplete Chain |
| CRL | CRL Error |
| P | Invalid Purpose |
| EXT | Unsupported critical X.509 extension |
Feedback
Yes
No
Powered by
