The SSL Diagnosis Tool helps debug SSL connectivity issues when using Oracle Entitlements Server (OES), for example ‘BAD_CERTIFICATE’ errors. The tool checks the OES SSL configuration on the Security Module (SM) side and displays detailed SSL handshake information. This document describes how to use the tool.
Using the SSL Diagnosis Tool
The SSL Diagnosis Tool should be executed from the SM directory located in ales32-shared/bin. Run the script as follows:
ssldiagnosis.bat|sh <demo|secure>
Choose the Demo option to check SSL certificates created by the demo CA certificate from the DemoTrust.jks keystore.
Choose the Secure option to check SSL certificates created by using the CA certificate from the cacerts file in the BEA_HOME/jdk-version/jre/lib/security directory.
Running the SSL Diagnosis Tool
Use the following procedure to run the SSL Diagnosis Tool. Ensure that the OES Administration Server is running before beginning this procedure.
Open a terminal window.
Change to the BEA_HOME/ales32_shared/bin directory.
Run ssldiagnosis.bat|sh demo.
Enter the Administration Server administrator username and password at the enrollment prompt. The default values are admin and password respectively.
Check the demo CA. The default password for the demo CA is password and the default CA alias name is alesdemoca.
Check OES Certificates in keystore files.
Check OES components. PD and SCM belong to the SM: give the directory of any SSM. For example, the Java-SSM location value is BEA_HOME/ales32-ssm/java-ssm.
To Display SSL Handshake Information
To display additional debug messages, set the following properties for the OES Administration Server based on the container in which it is running.
On Tomcat
Modify the WLESTomcat.conf file by setting the following property: -Djavax.net.debug=ssl
Modify the log4j.properties file by setting the following property: log4j.logger.com.bea.security.ssl = debug
On WebLogic Server
Modify the WLESWebLogic.conf file by setting the following property: -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
Modify the log4j.properties file by setting the following property: log4j.logger.com.bea.security.ssl = debug
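With -Djavax.net.debug=ssl enabled the handshake trace is long, so the following added example (not part of the OES documentation or tooling) picks out the TLS alert lines, such as bad_certificate, and shows which side raised them. The sample lines are constructed and assume the alert-line layout printed by older JSSE releases; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the layout older JSSE releases print with
# -Djavax.net.debug=ssl (assumption: newer JDKs use a different layout).
SAMPLE_LOG = """\
main, READ: TLSv1 Handshake, length = 73
*** ClientHello, TLSv1
main, WRITE: TLSv1 Handshake, length = 1024
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, bad_certificate
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
worker-2, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
worker-3, RECV TLSv1 ALERT:  warning, close_notify
"""

# SEND lines carry "description = <name>", RECV lines carry the bare name.
ALERT_RE = re.compile(
    r"^(?P<thread>.+?), (?P<direction>SEND|RECV) (?P<protocol>\S+) ALERT:\s+"
    r"(?P<level>fatal|warning), (?:description = )?(?P<alert>\w+)\s*$"
)

def parse_alerts(text):
    """Return one dict per TLS alert line found in the debug output."""
    alerts = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = ALERT_RE.match(line)
        if m:
            alerts.append({"line": lineno, **m.groupdict()})
    return alerts

def fatal_summary(alerts):
    """Count fatal alerts by (direction, name); warnings like close_notify are routine."""
    return Counter((a["direction"], a["alert"]) for a in alerts if a["level"] == "fatal")

if __name__ == "__main__":
    for (direction, alert), count in fatal_summary(parse_alerts(SAMPLE_LOG)).items():
        # RECV: the alert was sent by the peer. SEND: it was raised by this JVM.
        origin = "sent by the peer" if direction == "RECV" else "raised by this JVM"
        print(f"{alert} x{count} ({origin})")
```

A fatal alert received from the peer points at the certificate or trust configuration this side presented; one raised locally points at what the peer presented or at the local trust store.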