MLE testing with decrypting relays on RedHat

Hi Everyone,

I have enabled MLE using BESAdmin.sh and copied the keys to my top-level relays. Is there any easy way to test what level of encryption is enabled and confirm everything is encrypted? I have used this many times on Windows; however, the documentation for MLE on RedHat is slim, and even documentation on BESAdmin.sh is lacking in detail.

Thanks,

Peter

Most recent clients will indicate if they are sending an encrypted or clear report in their logs. That's the only indication on the endpoint.

The client could give some information back on the following relevance:

encrypt reports of client cryptography
desired encrypt reports of client cryptography
encrypt report failure message of client cryptography

The OS isn’t involved in this at all, so no knowledge of RedHat is needed. The certificate is placed into the masthead for the clients to decrypt to, so you can look at that certificate for its strength, if that is what you are needing?

I’m not sure what you mean by “level of encryption.” Encryption is either enabled or disabled. If you see the message “Encrypted report posted successfully” in any client log, then you know it is enabled. The only ways to confirm that things are being decrypted/encrypted on the relay are to try and grab some reports from the relay’s bufferdir before they are forwarded on or to sniff the network traffic. If the reports in the relay’s bufferdir do not start with or contain the string #SE001, then they are being successfully decrypted.
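The bufferdir check described in the answer above, as an added example that is not part of the original thread or of BigFix itself: a shell helper that labels each report file by whether it starts with, contains, or lacks the `#SE001` string. The directory path is an assumption passed in as an argument (the thread does not give it), and the function names and labels are made up for this sketch.

```shell
#!/bin/sh
# Added example: classify report files by the "#SE001" marker that the
# answer above associates with reports that are still encrypted.
# Assumption: the directory to scan (your relay's bufferdir) is passed as
# an argument, because the thread does not state its path.

MARKER='#SE001'

# Print one label for a single file:
#   encrypted-start     file begins with the marker
#   encrypted-contains  marker appears later in the file
#   clear               marker not present (decrypted, per the answer)
classify_report() {
    file=$1
    # Read only as many leading bytes as the marker is long; drop NULs so
    # binary content does not upset the command substitution.
    head_bytes=$(head -c "${#MARKER}" "$file" 2>/dev/null | tr -d '\0')
    if [ "$head_bytes" = "$MARKER" ]; then
        echo "encrypted-start"
    elif LC_ALL=C grep -a -q -F -e "$MARKER" "$file" 2>/dev/null; then
        echo "encrypted-contains"
    else
        echo "clear"
    fi
}

# Walk DIR recursively and print "<label> <path>" for every regular file.
# Returns 0 when no file carries the marker, 1 when at least one does.
classify_reports() {
    dir=$1
    out=$(find "$dir" -type f | while IFS= read -r f; do
        printf '%s %s\n' "$(classify_report "$f")" "$f"
    done)
    [ -n "$out" ] && printf '%s\n' "$out"
    ! printf '%s\n' "$out" | grep -q '^encrypted-'
}

# When run as a script with a directory argument, scan that directory.
if [ "$#" -gt 0 ]; then
    classify_reports "$1"
fi
```

Reports are forwarded on quickly, so the scan has to run while files are still sitting in the directory; an empty directory also returns 0 and proves nothing either way.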

Hi Steve,

What I meant was 2048-bit key, et cetera. I believe I have this now.

Thanks,

Peter