Troubleshooting Edge Cache
- You can determine if any traffic is passing through Edge Cache by looking at the real time conversations monitor available at Monitor > Real Time > Conversations. Any traffic that is currently being processed by Edge Cache will have a blue background. This will tell you if Edge Cache is evaluating whether data could be retrieved from its cache or evaluating whether the data should be stored in it. However, it does not indicate whether it is successful in either retrieving or storing the data.
- You can determine if any traffic has passed through Edge Cache over time by looking at the Edge Cache report available at Monitor > Optimization > Edge Cache. The Edge Cache monitor report will show the amount of data over time processed through Edge Cache served on the LANLocal area network and the amount of data retrieved from the WANWide Area Network. It will also show the requests to Edge Cache and the hits. These two charts will show you if data is going through Edge Cache and if so how many hits and how much data is served from the cache.
- Check the logs for any errors related to Edge Cache, including DNSDomain Name Server not being configured.
- You should ensure that DNS is configured properly by visiting Configuration > System > Network > DNS. For help configuring DNS, see the main user guide.
- If the Real Time monitor and the Edge Cache monitor indicate that data is not passing through Edge Cache, you should ensure that the Edge Cache process is running. Go to Configuration > System > Optimization > Services and ensure that Edge Cache is running. You may want to restart Edge Cache.
- All the steps for troubleshooting caching above apply.
- Try browsing to an encrypted site then look at the real time conversations. The encrypted traffic will be reflected in the application name, such as HTTPS. If processed through Edge Cache, the conversation will have a blue background.
- Ensure HTTPS caching is enabled and a certificate is configured.
- If the traffic that you are concerned about is specified in a caching whitelist or blacklist using source or destination domains, then try restarting Edge Cache at Monitor > Optimization > Services. If the reverse mapped domains have changed, then the domains that are specified in the whitelists and blacklists may need to be re-resolved and re-reverse mapped. This is done upon Edge Cache startup, when there is a change to the whitelist or blacklist, or when there is a change to the DNS information.
- You can restrict the size of the objects that can be cached to more closely match the type of data that you want cached by visiting Configuration > System > Optimization > Edge Cache.
- You can increase the amount of storage available for Edge Cache to use by visiting Configuration > System > Setup > Storage.
- Develop a list of sites that need to be white listed because of security concerns (for example financial sites)
- Deploy your self-signed certificate throughout the entire network if you do not want users to accept the “false” certificate
- Independent appliances (for example printer from various manufacturers) use HTTPS to connect to maintenance sites to order cartridges and no human interaction is needed; therefore these sites need to be white listed.
- Payment terminals use HTTPS to accept payments and there is no option to install a self-signed certificate
- Some browsers (typically Google Chrome) check more than only the “trusted” self-signed certificate before allowing access to a specific web page
If Edge Cache is not rendering layouts as expected, the problem is likely due to the certificate format. Using the Certificate generator of the Exinda appliance lets you export PEM and DER Certificate formats, but some formats require a PKCS12 certificate and these cannot be exported from the Exinda appliance. To correct the problem, use openssl to generate Certificates and import them into the appliance:
- Use openssl to create your PKCS12 + private key and CSR file. The list of common command lines for openssl to create your Certificates includes:
- Generate a new private key and Certificate Signing Request:
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
- Generate a self-signed certificate (see How to Create and Install an Apache Self Signed Certificate for more info):
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
- Generate a certificate signing request (CSR) for an existing private key:
openssl req -out CSR.csr -key privateKey.key -new
- Generate a certificate signing request based on an existing certificate:
openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
- Import the certificate into the Exinda appliance:
- Login to the appliance.
- Click Configuration > System > Certificates.
- Type a name for the certificate, then browse to location of the Certificate file and the Private Key file.
- Click Import.
- Switch to the All Certificates tab to ensure your import was successful.
- Assign the PKCS12 certificate to Edge Cache.
- Click Configuration > System > Optimization > Edge Cache.
- Under HTTPS Caching, click the checkbox to enable HTTPS content caching, and then select the PKCS certificate you created from the Signing Certificate list.
- Click Apply Changes.
- Import the PFX/PKCS12 certificate to your own computer. Reload the page that was formatted incorrectly to ensure the new certificate solves the problem.
The following open issues are known concerns:
- Facebook does not work with Chrome
- Facebook works with Safari but still has a pop-up
- Google apps work with Chrome but they can only use the Google Certificate
- Google apps work with Safari
- Firefox still has pop-ups because it uses a different Certificate store
- Outlook connects to Exinda without popups