Detailed information about successful and unsuccessful TLS handshakes provides visibility into decryption activity and makes decryption troubleshooting easier.
Decryption logs display entries for unsuccessful TLS handshakes by default. Entries for successful TLS handshakes are logged only if you enable that option in Decryption policy rules. Because successful handshakes are far more numerous than failures, logging them greatly increases log volume, so make sure that you have the system resources (log storage) to accommodate the logs before you enable it.
Decryption logs include a vast amount of information to help you troubleshoot decryption and monitor decryption activity. There are 62 columns of different types of information you can enable in the logs, and you can select any individual log entry (the magnifying glass icon) and see the details in a single Detail view. You can view certificate, cipher suite, and error information such as: subject common name, issuer common name, root common name, root status, certificate key type and size, certificate start and end date, certificate serial number, certificate fingerprint, TLS version, key exchange algorithm, encryption algorithm, negotiated EC curve, authentication algorithm, SNI, proxy type, error information by category (cipher, HSM, resource, resume, protocol, feature, certificate, version), and error indexes (codes that you can look up to get more error information).
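The fields listed above are what you would pull out of an exported log to find handshakes worth a closer look. The following is an added example, not code from the vendor or from this documentation: it parses a small constructed CSV export of decryption-log rows and flags entries with a handshake error, a legacy protocol version, a weak cipher or key, an untrusted root, or a certificate outside its validity period, then counts failures per error category. The column names (`tls_version`, `error_type`, `error_index`, and so on) and the weak-cipher and key-size thresholds are assumptions chosen for the example; they are not the firewall's actual field names, so map them to the column names in your own export.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timezone

# Constructed sample of decryption-log rows exported as CSV. The column names are
# assumptions chosen for this example (not the firewall's actual field names);
# the values they hold are the kinds of fields the log is described as carrying.
SAMPLE_LOG = """\
time,proxy_type,sni,tls_version,key_exchange,cipher,ec_curve,subject_cn,issuer_cn,root_cn,root_status,key_type,key_size,not_before,not_after,error_type,error_index
2024-05-01T10:00:01Z,forward,www.example.com,TLSv1.3,ECDHE,AES-256-GCM,X25519,www.example.com,Example CA,Example Root,trusted,ECDSA,256,2024-01-01T00:00:00Z,2025-01-01T00:00:00Z,,0
2024-05-01T10:00:02Z,forward,old.example.net,TLSv1.0,RSA,3DES-CBC,,old.example.net,Legacy CA,Legacy Root,trusted,RSA,1024,2019-01-01T00:00:00Z,2022-01-01T00:00:00Z,protocol,4
2024-05-01T10:00:03Z,forward,selfsigned.example.org,TLSv1.2,ECDHE,AES-128-GCM,P-256,selfsigned.example.org,selfsigned.example.org,selfsigned.example.org,untrusted,RSA,2048,2024-03-01T00:00:00Z,2026-03-01T00:00:00Z,certificate,13
2024-05-01T10:00:04Z,inbound,mail.example.com,TLSv1.2,ECDHE,AES-128-GCM,P-256,mail.example.com,Example CA,Example Root,trusted,RSA,3072,2024-01-01T00:00:00Z,2025-01-01T00:00:00Z,resume,2
"""

# Reference time for certificate-validity checks (constructed to match the sample).
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

# Policy thresholds for this example; tune them to your own decryption profile.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("3DES", "RC4", "NULL", "EXPORT")
MIN_RSA_BITS = 2048


def parse_iso(ts: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp; tolerates the trailing 'Z' on older Pythons."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def parse_log(text: str) -> list[dict]:
    """Read CSV-exported decryption-log rows into dicts, one per handshake."""
    return list(csv.DictReader(io.StringIO(text)))


def triage_row(row: dict, now: datetime) -> list[str]:
    """Return the reasons this handshake deserves attention (empty list if none)."""
    reasons = []
    if row["error_type"]:
        # The error index is the code you look up for detail; keep it with the category.
        reasons.append(f"handshake error: {row['error_type']} (index {row['error_index']})")
    if row["tls_version"] in LEGACY_PROTOCOLS:
        reasons.append(f"legacy protocol: {row['tls_version']}")
    if any(marker in row["cipher"].upper() for marker in WEAK_CIPHER_MARKERS):
        reasons.append(f"weak cipher: {row['cipher']}")
    if row["key_type"] == "RSA" and int(row["key_size"]) < MIN_RSA_BITS:
        reasons.append(f"weak key: RSA-{row['key_size']}")
    if row["root_status"] != "trusted":
        reasons.append(f"root not trusted: {row['root_cn']}")
    not_before, not_after = parse_iso(row["not_before"]), parse_iso(row["not_after"])
    if now < not_before:
        reasons.append("certificate not yet valid")
    elif now > not_after:
        reasons.append(f"certificate expired {row['not_after']}")
    return reasons


def triage(rows: list[dict], now: datetime = NOW) -> dict[str, list[str]]:
    """Map SNI -> reasons for every row that has at least one finding."""
    findings = {}
    for row in rows:
        reasons = triage_row(row, now)
        if reasons:
            findings[row["sni"]] = reasons
    return findings


def error_summary(rows: list[dict]) -> dict[str, int]:
    """Count failed handshakes per error category (cipher, HSM, protocol, ...)."""
    return dict(Counter(row["error_type"] for row in rows if row["error_type"]))


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    for sni, reasons in triage(rows).items():
        print(sni)
        for reason in reasons:
            print("   ", reason)
    print("errors by category:", error_summary(rows))
```

The successful TLS 1.3 handshake to www.example.com produces no finding, which is the point of leaving successful-handshake logging off unless you need it: the rows that matter are the failures and the weak-but-successful ones, and the error category plus index on a failed row tells you which lookup table to consult for the root cause.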