This article describes the procedure to run an SSL scan, which is required to troubleshoot communication issues between theagent device and cloud.
The sslscan command queries SSL/TLS services to determine the supported ciphers and protocols. Formore information, seehttps://www.mankier.com/1/sslscan.
In addition to ping and telnet, this test is used to isolate the communication issue resulting from the following failures:
Backups fail with “Server not reachable.”
Backup failure with“SSL/certificate error while validating the cloud server.”
SSL terminates the proxy that blocks the connection.
Open thecommand prompt and navigate to the extracted openssl folder.
Run the scan comma
nd as follows and redirect the output as described below:
sslscanFQDN:Port > ssl_scan_output.txt
In the above command: - FQDN can be the URL to the cloud - Port is the instance level port (443) - ssl_scan_output.txt is the text file to which the command output is directed. Redirect the command output to the following files:
Note:The output of the sslscanincludes preferred ciphers of the SSL service and protocols. To suppressthe protocols and ciphers from appearing in the output usethe --no-failedoption in the command as follows.
If SSL has not been properly implemented, some content on a site may NOT covered by the encryption expected. So even though the browser is indicating a secure connection, some of the interactions may not be secure or encrypted at all. There are also potential exploits that can endanger this data exchange.
Check installation of the certificate using one of these checkers: sslchecker, certlogic, SSLLabs. Make sure that there is an automatic redirect from http://yourdomain.tld to https://yourdomain.tld (if needed). Check that port 443 is open. Avoid displaying any insecure content here.
Decreasing the number of connections increases performance for secure communication through SSL connections, as well as non-secure communication through simple Transmission Control Protocol/Internet Protocol (TCP/IP) connections. One way to decrease individual SSL connections is to use a browser that supports HTTP 1.1.
You can use SSLScan's color code to obtain a quick reference about the severity, in terms of security, of the displayed results. Red (allowing SSLv3 and using DES and RC4 ciphers) indicates an insecure configuration, while green or white is a recommended one.
Windows – If you accept the default installation options, the installer will create a directory for the program on your C:\ drive. For example: C:\OpenSSL-Win32. To run the program, go to the C:\OpenSSL-Win32\bin directory and double-click the file openssl.exe. ...
If you want to turn on SSL/TLS trust for that certificate, go to Settings > General > About > Certificate Trust Settings.Under "Enable full trust for root certificates," turn on trust for the certificate. Apple recommends deploying certificates via Apple Configurator or Mobile Device Management (MDM).
Introduction: My name is Frankie Dare, I am a funny, beautiful, proud, fair, pleasant, cheerful, enthusiastic person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.