At times it is necessary to look at the over SSL communication status in the FxM(Foglight Experience Monitor) environment. Looking at a table that lists the number of SSL errors and being able to drill down to look for root cause is very helpful.
1. Log into the FxM HTTP UI
2. Analysis | Metric Analysis | (Expand) Server by Port |(Expand) Connection Metrics | SSL Connection Errors
3. Select SSL Connection Errors
4. Select a time range where there have been no application(agent) or appliance restarts
5. Select the show All from the drop down menu.
6. Select the show in table format icon
7. Select the hyperlink for one of the servers in the resulting list that has errors
8. Select the hyperlink All Metrics for this Resource
9. Reset the time rage as in step #4
10. This will tell you what types of SSL errors are occurring
The most common is missing SSL key. This can be caused by the SSL key being changed on the server being monitored or that this servers SSL key was never entered in to FxM. See the FxM Install and Admin Guide for steps to install or update SSL keys.
The other SSL error messages are documented in the Foglight Experience Monitor
Metric Reference Guide.
When looking at SSL errors be sure to pick a time range that has not had and appliance or agent restart. The FxM agent must see the entire SSL conversation from beginning to end to decrypt it. The reason for this is that the SSL key are exchanged at the beginning of the SSL conversation. If the agent starts running in the middle of a SSL communication it will only get the part without the keys and will not be able to decrypt it. This will result in the errors Invalid SSL Version Number or Invalid SSL Handshake Type appearing depending on where the SSL communication was picked up. Likewise if you see very small numbers of these two numbers such as 10 errors out of 10,000 SSL Connections Started you can safely ignore these.