I implemented Message Level Encryption and copied the private key to all of my head relays. How can I determine that decryption is actually happening on the relays?
if you are using decrypting relays the reports in the bufferdir will be in clear text.
grab a file, uncompress it using the decompress utility and take a peek into them.
hope that helps Mike.
Sorry, but that does not work because the reports don’t stay in the bufferdir long enough to be copied.
Turn on Carbon Copy to capture the reports. https://www-01.ibm.com/support/docview.wss?uid=swg21701916
Carbon Copy doesn’t work on a relay, and on the clients, it creates two folders: one with encrypted posts and one without encrypted posts. Maybe if MLE were not set for the deployment, I would not get a folder with encrypted messages.
My actual question was do I need to set the setting _BESClient_Rport_Encryption if I am going to set it to optional anyway. The answer was no I do not need to set it since the default setting is “optional”.
_BESClient_Report_Encryption
Type: String
Version: 7.1.1
Platform: All
Default: optional
Requires Client Restart: NO
Description: Before 9.0 default was 'none'. One of 'required', 'optional', 'none'. required=fail to send reports if they cannot be encrypted. optional=attempt to encrypt, if that fails, send unencrypted report. none(or anything else)=do not encrypt reports.
The best way to verify that reports are actually encrypted is with Wireshark.