If the SSL feature does not work as expected after you have configured it, you can use some common tools to access NetScaler resources and diagnose the problem.

Resources for troubleshooting

For best results, use the following resources to troubleshoot an SSL issue on a NetScaler appliance:

  • The relevant ns.log file
  • The latest ns.conf file
  • The messages file
  • The relevant newnslog file
  • Trace files
  • A copy of the certificate files, if possible
  • A copy of the key file, if possible
  • The error message, if any

In addition to the above resources, you can use the Wireshark application customized for the NetScaler trace files to expedite troubleshooting.

Troubleshooting SSL issues

To troubleshoot an SSL issue, proceed as follows:

  • Verify that the NetScaler appliance is licensed for SSL Offloading and load balancing.
  • Verify that SSL Offloading and load balancing features are enabled on the appliance.
  • Verify that the status of the SSL virtual server is not displayed as DOWN.
  • Verify that the status of the service bound to the virtual server is not displayed as DOWN.
  • Verify that a valid certificate is bound to the virtual server.
  • Verify that the service is using an appropriate port, preferably port 443.