Our Foglight Experience Monitor (FxM) 'SSL Connection Error Rate' due to ‘Invalid SSL Key’ is 30%.
We have successfully applied our SSL key--the 'Missing SSL Key' metric is 0.
When we look at the 'All Metrics View' for the Server in question, we see that the "Command" metrics are all zero while the "IP" and "Connection" metrics are non-zero. Those readings tell us that traffic is present but it is _never_ being decrypted by the SSL key (because HTTPS encrypts at HTTP layer, not TCP).
So how come the 'SSL Connection Error Rate' is only 30%? Shouldn't it be 100%?
POSSIBLE CAUSE 1
Software Defect FXM-344. In some cases the SSL error rate is under-reported when an incorrect private key is installed. So instead of giving errors 100% of the time it reports an error rate of less than 100% (30% for example) giving the wrong impression that some of the SSL connections were being decrypted when in fact none of them were.
POSSIBLE CAUSE 2
Some SSL connections are being opened but a key negotiation is not occuring for whatever reason. So those connections that are opened but not key exchanged (and hence no data is sent) do not register as errors. So these null data connections are diluting the error percentage down from the 100% reading. Bottom line--you have an incorrect SSL key loaded or you have loaded the SSL key that came from a different Server (i.e. you applied the SSL key generated from Server A to Server B, for example).
The real fix for cause 1 or cause 2 is to load into FxM the _correct_ SSL key for that particular server.
Defect FXM-344 is fixed in verison 5.6.5. Also fixed in the latest patch for version 5.6.2 and latest hotfix/patch for version 5.6.3.