Troubleshooting
If the SSL feature does not work as expected after configuration, you can use some common tools to access Citrix ADC resources and diagnose the problem.
Resources for troubleshooting
For best results, use the following resources to troubleshoot an SSL issue on a Citrix ADC appliance:
- The relevant ns.log file
- The latest ns.conf file
- The messages file
- The relevant newnslog file
- Trace files
- A copy of the certificate files, if possible
- A copy of the key file, if possible
- The error message, if any
In addition to these resources, you can use the Wireshark application customized for the Citrix ADC trace files to expedite troubleshooting.
Troubleshooting SSL issues
To troubleshoot an SSL issue, proceed as follows:
- Verify that the Citrix ADC appliance is licensed for SSL Offloading and load balancing.
- Verify that SSL Offloading and load balancing features are enabled on the appliance.
- Verify that the status of the SSL virtual server is not displayed as DOWN.
- Verify that the status of the service bound to the virtual server is not displayed as DOWN.
- Verify that a valid certificate is bound to the virtual server.
- Verify that the service is using an appropriate port, preferably port 443.
Decrypting TLS 1.3 traffic from packet trace
To troubleshoot protocols that run over TLS 1.3, you must first decrypt the TLS 1.3 traffic. To decrypt TLS 1.3 in Wireshark, the secrets must be exported in the NSS key log format. For more information about the key log format, see NSS Key Log Format.
For information about how to capture a packet trace, see Capturing SSL Session Keys During a Trace.
Note: Citrix ADC automatically logs each connection’s secrets in the appropriate format for the TLS/SSL protocol version in use.
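The following Python example is added here and is not part of the Citrix documentation or product. It checks an exported NSS key log before the file is loaded into Wireshark, reporting malformed lines and TLS 1.3 sessions whose secrets are incomplete. The names check_keylog and SAMPLE are hypothetical, and the set of secrets treated as required is an assumption of the example.

```python
import re
from collections import defaultdict

# Assumption of this example: secrets needed to decrypt both directions of TLS 1.3.
TLS13_REQUIRED = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                  "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
TLS13_OPTIONAL = {"CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
KNOWN = TLS13_REQUIRED | TLS13_OPTIONAL | {"CLIENT_RANDOM"}  # CLIENT_RANDOM: TLS 1.2 and earlier
HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")

def check_keylog(text):
    """Return (sessions, problems); problems never echo secret values."""
    sessions, problems = defaultdict(set), []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):  # blank line or comment
            continue
        if len(parts) != 3:
            problems.append(f"line {n}: expected '<label> <client_random> <secret>'")
        elif parts[0] not in KNOWN:
            problems.append(f"line {n}: unrecognized label {parts[0]}")
        elif len(parts[1]) != 64 or not HEX.fullmatch(parts[1]):
            problems.append(f"line {n}: client random is not 32 hex-encoded bytes")
        elif not HEX.fullmatch(parts[2]):
            problems.append(f"line {n}: secret is not hex-encoded")
        else:
            sessions[parts[1].lower()].add(parts[0])
    for crand, labels in sessions.items():
        missing = TLS13_REQUIRED - labels
        if labels - {"CLIENT_RANDOM"} and missing:  # TLS 1.3 session, incomplete
            problems.append(f"session {crand[:16]}: missing {', '.join(sorted(missing))}")
    return dict(sessions), problems

# Constructed sample with placeholder values, not real key material.
A, B, C = "aa" * 32, "bb" * 32, "cc" * 32
SAMPLE = "\n".join(
    ["# constructed key log"]
    + [f"{label} {A} {'11' * 32}" for label in sorted(TLS13_REQUIRED)]
    + [f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {B} {'22' * 32}",
       f"SERVER_HANDSHAKE_TRAFFIC_SECRET {B} {'22' * 32}",
       f"CLIENT_TRAFFIC_SECRET_0 {B} {'22' * 32}",
       f"SERVER_TRAFFIC_SECRET_0 {B[:-2]} {'22' * 32}",  # truncated client random
       f"CLIENT_RANDOM {C} {'33' * 48}"]                  # TLS 1.2 master secret
)

if __name__ == "__main__":
    for problem in check_keylog(SAMPLE)[1]:
        print(problem)
```

A session reported as missing a secret typically decrypts only partly, or not at all, in Wireshark, so the report points at which connection needs to be recaptured.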
CRL refresh does not happen on the secondary node in an HA setup
The refresh does not happen because the CRL server is accessible only to the primary node through a private network.
Workaround: Add a service on the primary node with the IP address of the CRL server. This service acts as a proxy for the CRL server. When the configuration is synchronized between the nodes, CRL refresh works for both primary and secondary nodes through the service configured on the primary node.