Skip to main content
Druva Documentation

How to run the SSL scan

This article applies to:

  • OS: Windows
  • Product edition: Phoenix

Overview

This article describes the procedure to run an SSL scan, which is required to troubleshoot communication issues between the agent device and cloud.

The sslscan command queries SSL/TLS services to determine the supported ciphers and protocols. For more information, see https://www.mankier.com/1/sslscan.

In addition to ping and telnet, this test is used to isolate the communication issue resulting from the following failures:

  • Backups fail with “Server not reachable.”
  • Backup failure with “SSL/certificate error while validating the cloud server.”
  • SSL terminates the proxy that blocks the connection.

SSL scan

  1.  Download SSLScan from link https://code.google.com/archive/p/ss...-win/downloads.
  2. Unzip the archive.
  3. Open the command prompt and navigate to the extracted openssl folder.
  4. Run the scan comma

    nd as follows and redirect the output as described below:

    sslscan FQDN:Port > ssl_scan_output.txt

    In the above command:
    - FQDN can be the URL to the cloud
    - Port is the instance level port (443)
    - ssl_scan_output.txt is the text file to which the command output is directed. Redirect the command output to the following files:

    sslscan  phoenix.druva.com:443 > c:\sslscan.txt
    sslscan --no-failed phoenix.druva.com:443 > c:\sslscan2.txt



    Note: The output of the sslscan includes preferred ciphers of the SSL service and protocols.  To suppress the protocols and ciphers from appearing in the output use the --no-failed option in the command as follows.

    sslscan --no-failed phoenix.druva.com:443
    sslscan  phoenix.druva.com:443


    Successful output:

    TestSuccessful.png

    Failed output:
    FailedOutput.png
  5. Collect the output text files and send them to Druva Support for further analysis.

Next steps

Whitelist all the traffic from *.druva.com. 

The error generally occurs when a proxy alters the certificate so that the client fails to communicate with the cloud.