MikeAlpha (Respected Contributor)

RUM traffic encryption / decryption key

Hi,

I am trying to view HTTPS traffic in APM. The RUM probe is discovering the desired encrypted traffic, but I am not able to view the decrypted traffic. I have entered a key in the RUM engine SSL key store management. How can I view 100% decrypted traffic? I am sharing a screenshot with you; kindly have a look. Looking forward to your response.

RUM engine and RUM probe version is 9.5.
APM 9.5.


Regards

Micro Focus Expert

Re: RUM traffic encryption / decryption key

Hi Mike,

This could be one of the following:

Use of Diffie Hellman ciphers - the changing key meant that RUM could not decrypt traffic using these ciphers.  However, from 9.5, I heard that there is a tool or patch for Apache to get around this.  I'm not sure where it is though and haven't used it.

Is your data capture between the end users and load balancer, or between the load balancer and web servers?  That makes a difference depending on the load balancer configuration, and especially if that has its own private key.

Also, ensure you import private keys for all web servers the monitored app is using, as each server should have its own private key.

Regards,

Tim

MikeAlpha (Respected Contributor)

Re: RUM traffic encryption / decryption key

Hi Tim,

Hope you are doing well.

Thank you for your response.

Is your data capture between the end users and load balancer, or between the load balancer and web servers?  That makes a difference depending on the load balancer configuration, and especially if that has its own private key.

I am running probe discovery; my probe is on Windows, and promiscuous mode is on. Data is coming into the RUM engine, but it is not decrypted, so the RUM engine is not sending data to APM (BSM).

Also, ensure you import private keys for all web servers the monitored app is using, as each server should have its own private key.

The monitored app is using just one web server. I am using the web server key, generated by me, but it seems it is not working.

Regards,

Mike

Micro Focus Expert

Re: RUM traffic encryption / decryption key

Hi Mike,

To add to Tim's statements:

When you check the
  SSL Application Decryption Statistics,
    Decryption Failed (no handshake)
      -> usually a result of missing packets; even one single missing packet, when looking at encrypted traffic,
         can mean that a whole chain of packets cannot be decrypted

    Decryption Failed (unsupported algorithm)
      -> as Tim mentioned, that's usually the case when Diffie Hellman encryption is being used;
         starting with RUM 9.51 we started to support Diffie Hellman for Apache, with
           supported version: Apache web server using OpenSSL on RHEL 5 to 6;
           RUM supports decryption of the Diffie Hellman suite of ciphers on TLS 1.2 for Apache web server on RHEL

    Decryption Failed (no matching key)
      -> for application "sm_11" this would indicate that you provided no key or a wrong key in RUM for the application

under
  SSL Server Decryption Statistics
you'll see that you have 0% decrypted traffic for ALL servers except 10.173.0.45, where 100% of the traffic was decrypted

Greetings
Siggi

Customer Support
Micro Focus

MikeAlpha (Respected Contributor)

Re: RUM traffic encryption / decryption key

Hi Siggi,

Hope you are doing well.

Thank you so much for your response.

What should I do to resolve these issues? How would I get 100% decrypted traffic?

Kindly suggest.

Regards

Mike

Micro Focus Expert

Re: RUM traffic encryption / decryption key

Hi Mike,

It would depend on the issue.  Which application are you trying to monitor?  Is it the SM one?

If it is failing due to Unsupported Algorithm, you will need to have the app updated to not use Diffie Hellman ciphers.

If it is failing due to no matching key, that means the uploaded private key does not work.  Maybe it's not in the right format.  Check the doc for the supported types.

If it is failing due to no handshake, then you will have to check the Probe sniffer interface for dropped packets, or if some of the conversation is going over a different ESX host so not picked up by your probe.

There is useful information in the SSL Keystore Management section of the Real User Monitor Admin Guide.  This is Chapter 8, starting at the bottom of page 109 for the 9.50 version.

Regards,

Tim
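
An added example, not part of the original thread and not Micro Focus code: the "unsupported algorithm" case discussed above depends on the key exchange the server selects, which is readable in cleartext in a TLS 1.0-1.2 ServerHello. The sketch reads the negotiated cipher suite from a constructed ServerHello record and classifies it as static RSA (session keys derivable from the server's private key) or ephemeral Diffie-Hellman (not derivable from that key alone). The function names and the suite subset are assumptions; how RUM itself maps suites to its counters is not shown here.

```python
import struct

# Subset of IANA TLS cipher suite IDs, enough for the illustration.
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def negotiated_suite(record: bytes) -> int:
    """Return the cipher suite ID chosen in a TLS 1.0-1.2 ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) < rec_len:
        raise ValueError("not a complete handshake record")
    # Handshake header (4) + server_version (2) + random (32) + sid length (1).
    if len(body) < 39 or body[0] != 0x02:
        raise ValueError("not a complete ServerHello")
    off = 39 + body[38]  # skip the session id
    if len(body) < off + 2:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", body[off:off + 2])[0]

def passive_key_class(suite_id: int) -> str:
    """Classify a suite by whether the server's RSA key alone yields session keys."""
    name = SUITES.get(suite_id)
    if name is None:
        return "unknown"
    if name.startswith(("TLS_DHE_", "TLS_ECDHE_")):
        return "ephemeral-dh"  # forward secret: private key alone is not enough
    return "static-rsa"  # premaster secret is encrypted to the server's RSA key

def sample_server_hello(suite_id: int, sid: bytes = b"") -> bytes:
    """Build a constructed TLS 1.2 ServerHello record (sample data, not a capture)."""
    hello = (b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid
             + struct.pack("!H", suite_id) + b"\x00")
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for suite in (0x002F, 0xC02F):
        print(hex(suite), passive_key_class(negotiated_suite(sample_server_hello(suite))))
```

A truncated record raises `ValueError`, which mirrors the "no handshake" case: without the complete handshake the negotiated suite cannot be read at all.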

MikeAlpha (Respected Contributor)

Re: RUM traffic encryption / decryption key

Hi Tim,

Thank you so much for your support.

It would depend on the issue.  Which application are you trying to monitor?  Is it the SM one?

Yes,  I am using SM (Service Manager).

If it is failing due to no handshake, then you will have to check the Probe sniffer interface for dropped packets, or if some of the conversation is going over a different ESX host so not picked up by your probe.

How can I check the probe sniffer interface? Kindly suggest.

Regards,

Mike
