1-7To do… Use the command… Remarksinformation { policy-name | all }Display SSL client policyinformationdisplay ssl client-policy{ policy-name | all }Troubleshooting SSLSSL Handshake FailureSymptomAs the SSL server, the device fails to handshake with the SSL client.AnalysisSSL handshake failure may result from the following causes:z The SSL client is configured to authenticate the SSL server, but the SSL server has no certificate orthe certificate is not trusted.z The SSL server is configured to authenticate the SSL client, but the SSL client has no certificate orthe certificate is not trusted.z The cipher suites used by the server and the client do not match.Solution1) You can issue the debugging ssl command and view the debugging information to locate theproblem:z If the SSL client is configured to authenticate the SSL server but the SSL server has no certificate,request one for it.z If the server’s certificate cannot be trusted, install on the SSL client the root certificate of the CAthat issues the local certificate to the SSL server, or let the server requests a certificate from the CAthat the SSL client trusts.z If the SSL server is configured to authenticate the client, but the SSL client has no certificate or thecertificate cannot be trusted, request and install a certificate for the client.2) You can use the display ssl server-policy command to view the cipher suite used by the SSLserver policy. If the cipher suite used by the SSL server does not match that used by the client, usethe ciphersuite command to modify the cipher suite of the SSL server.