Troubleshooting NetScaler SSL Card Issues

book

Article ID: CTX236094

calendar_today

Updated On:

Description

Complete the following steps to troubleshoot SSL cards issues on NetScaler:
Note: NetScaler VPXs do not support third-party SSL cards. The only SSL cards that they support for VPX are instances on an SDX appliance.

Verify the number of SSL Cards present on appliance.
SDX: Login to the SVM using shell and type cat /var/nslog/dmesg.boot | grep platform and look at the number that’s before”CVM”

MPX: use command show ssl stats example shown further down.

Note: You need to create FIPS partitions before you can assign FIPS capacity to the VPX. For more information refer to Citrix Documentation - Creating Partitions.
Determine the status of SSL Cards by using the command show ha node

VPX on SDX

MPX FIPS device
Use show ssl stats to verify that the SSL cards are present (seen by the appliance) and verify that the engine status is “1”. If SSL engine is “0” then it’s down. This can occur due to the license and/or if all the SSL cards of the appliance are down instead of just some. Verify the license is correct and if incorrect contact Citrix Licensing. If license is correct and all SSL cards are reported down, then you would need to hard reboot the SDX Appliance.
Note: If rebooting the VPX doesn’t resolve the issue and there are multiple SDXs then failover ALL instances to the other appliance and then reboot the entire SDX. If there is only one SDX appliance then you would need to contact Technical Support for further assistance.
Older firmware that’s no longer supported can cause multiple issues resulting in SSL cards going down or errors can occur. Ensure that you’re on a supported firmware. If you’re on an older firmware then upgrade to a later release as there have been substantial SSL improvements throughout the builds.