Dealing with SSL issues in Java web applications is no fun, especially when you have no debug or troubleshooting logs and all you see is an ugly ‘Page Cannot be displayed error message in your browser. Thankfully you can easily enable SSL to debug on your Application to start seeing verbose logs that will clearly show what happens during the SSL handshake process.
You can enable SSL debugging logs in your Application Server JVM config by adding the following JVM command line parameter and restart the Application Server:
-Djavax.net.debug=all
Note that since it is a Java System Property ( used by JSSE – Java Secure Sockets Extension), it will work on any JEE ApplicationServer such as WebSphere, WebLogic, Jboss, Tomcat, etc.
-Djavax.net.debug=all
Note that since it is a Java System Property ( used by JSSE – Java Secure Sockets Extension), it will work on any JEE ApplicationServer such as WebSphere, WebLogic, Jboss, Tomcat, etc.
This is also one of the reasons why every Java developer should know more about various JVM parameters, here is a handy list of the most useful JVM options for Java developers.
The verbose logs will usually go to SystemOut.log
Note: If you are unable to update System Property via the java command line above for whatever reason, try OS level network packet monitoring tool first. Now, what exactly are they? If you are running on Unix/Linux, try ‘snoop/tcpdump’. On windows, you are in luck – use Microsoft Network Monitor, a very powerful tool. You can also try Wireshark (ethereal) on Windows.
That's all about how to enable SSL debugging in Java. This is one of the 10 essential JVM options I have suggested for the production Java system. You don't appreciate the value of such a parameter until you have faced the situation and realized the gravity of the problem and how much this tiny, little, and slightly unknown JVM option can help you.
How to enable SSL debug logging in IBM WebSphere?
Depending on your WAS version, adding the above parameter is typically done by navigating to WAS Admin Console > Servers > Application Servers > YourServer > Process Management > Java Virtual Machine > Generic JVM argumentsThe verbose logs will usually go to SystemOut.log
Note: If you are unable to update System Property via the java command line above for whatever reason, try OS level network packet monitoring tool first. Now, what exactly are they? If you are running on Unix/Linux, try ‘snoop/tcpdump’. On windows, you are in luck – use Microsoft Network Monitor, a very powerful tool. You can also try Wireshark (ethereal) on Windows.
That's all about how to enable SSL debugging in Java. This is one of the 10 essential JVM options I have suggested for the production Java system. You don't appreciate the value of such a parameter until you have faced the situation and realized the gravity of the problem and how much this tiny, little, and slightly unknown JVM option can help you.
This is another reason, why I suggest you get yourself familiar with different JVM options now and then. A good understanding of JVM internals and JVM options is essential for any experienced Java programmer.
You can improve your knowledge by joining one of these best Java JVM internal courses for senior Java developers or reading any good book on Java profiling and performance like Java Performance The Definitive Guide by Scott Oaks.
You can improve your knowledge by joining one of these best Java JVM internal courses for senior Java developers or reading any good book on Java profiling and performance like Java Performance The Definitive Guide by Scott Oaks.
You can also see the most up-to-date Java Performance Companion by Charlie Hunt, which covers Java 8 enhancements and G1 garbage collector as well. Both are great books to make yourself familiar with tools, processes, and internal Java virtual machines.
All the best with your learning about Java and JVM options.
Other Java SSL Articles and Tutorials you may like
All the best with your learning about Java and JVM options.
Other Java SSL Articles and Tutorials you may like
Thanks for reading this article so far. if you find this example useful please share it with your friends or colleagues.
No comments:
Post a Comment