SSL Decryption Log

mseiler0815 · ‎06-13-2022

Hello,

I'm testing SSL Decryption (Deep inspection) on my Windows Computer.

How can I find out why some pages are not shown in the browser or why is some content not shown on a page with videos or pictures. The issue is clear, one or more pages can't be decrypted (Cert Pinning/HSTS/Cyphers not supported/Mutual authentication).

But I can't find the logs in the Fortimanager. I want to see which connection is responsible and what caused the issue.

How do you troubleshoot this kind of issue. Which logs do you use?

Or is there a CLI command to troubleshoot? This would be very helpful.

Regards

Michael

RinoBroer · ‎06-13-2022

Dear Michael,

Good question, I have this question myself but I think this is the reason: the client does not accept the connection because of cert pinning, HSTS etc. and for this reason the client actively stops the connection.

Because the client closes the connection in a usual way no errors will be logged. I have tested this extensively with FileZilla > Help > Check for updates and have come to the above conclusion. Currently, I exclude these domain names from deep inspection.

But, If this problem is somehow traceable in the logs then I would like to hear about it!

FileZilla traffic capture

Rino Broer

SSL Decryption Log

Nominate a Forum Post for Knowledge Article Creation