SteelHeadā„¢ Deployment Guide - Protocols : SSL Deployments : Troubleshooting and Verification
  
Troubleshooting and Verification
Use these tools to verify that you have configured SSL support correctly:
  • SSL Optimization - After completing the SSL configuration on both SteelHeads and restarting the optimization service, access the secure server from the Web browser. These events take place in a successful optimization:
  • If you specified a self-signed proxy certificate for the server on the server-side SteelHead, a pop-up window appears on the Web browser. View the certificate details to ensure that it is the same as the certificate on the server-side SteelHead.
  • In the Management Console, the Current Connections report lists the new connection as optimized without a Protocol Error flag.
  • In the Management Console, the Traffic Summary report displays encrypted traffic (typically, HTTPS).
  • Verify that the back-end server IP appears in the SSL Discovered Server Table (Optimizable) in the SSL Main Settings page.
    • Because all the SSL handshake operations are processed by the server-side SteelHead, all the SSL statistics are reported on the server-side SteelHead. No SSL statistics are reported on the client-side SteelHead.
  • Monitoring SSL Connections - Use these tools to verify SSL optimization and to monitor SSL progress:
  • On the client Web browser, click the Lock icon to obtain certificate details. The certificate must match the proxy certificate installed on server-side SteelHead.
  • In the Current Connections report, verify the destination IP address, port 443, the Connection Count as Established (three yellow arrows on the left side of the table), SDR Enabled (three cascading yellow squares on the right side of the table), and that there is no Protocol Error (a red triangle on the right side of the table).
  • In the SSL Statistics report (on the server-side SteelHead only) look for connection requests (established and failed connections), connection establishment rate, and concurrent connections.
    •  
  • Monitoring Secure Inner Channel Connections - Use these tools to verify that secure inner channels are in use for the selected application traffic types:
  • In the Current Connections report, look for the Lock icon and three yellow arrows, which indicate the connection is encrypted and optimized. If the Lock icon is not visible or is dimmed, click the magnifying glass to view a failure reason that explains why the SteelHead is not using the secure inner channel to encrypt the connection. If there is a red protocol error, click the magnifying glass to view the reason for the error.
  • Search the client-side and server-side SteelHead logs for ERR and WARN.
  • Check that both SteelHeads appear in the white peering trust list on the client-side and server-side SteelHeads, indicating that they trust each other.
    • If you are experiencing issues with your SSL traffic being optimized, see the Riverbed Knowledge Base article Troubleshooting your SSL Configuration at http://supportkb.riverbed.com/support/index?page=content&id=S15107.