
Debugging SSL Connectivity

The SSL Diagnosis Tool helps debug SSL connectivity issues, such as ‘BAD_CERTIFICATE’ errors, when using Oracle Entitlements Server (OES). The tool checks the OES SSL configuration on the Security Module (SM) side and displays detailed SSL handshake information. This document describes how to use the tool.

 


Using the SSL Diagnosis Tool

The SSL Diagnosis Tool should be executed from the SM directory located in ales32-shared/bin. Run the script as follows:

ssldiagnosis.bat|sh <demo|secure>

Choose the Demo option to check SSL certificates created by the demo CA certificate from the DemoTrust.jks keystore.

Choose the Secure option to check SSL certificates created by using the CA certificate from the cacerts file in the BEA_HOME/jdk-version/jre/lib/security directory.

 


Running the SSL Diagnosis Tool

Use the following procedure to run the SSL Diagnosis Tool. Ensure that the OES Administration Server is running before beginning this procedure.

  1. Open a terminal window.
  2. Change to the BEA_HOME/ales32-shared/bin directory.
  3. Run ssldiagnosis.bat|sh demo.
  4. Enter the Administration Server administrator username and password at the enrollment prompt.
    The default values are admin and password respectively.
  5. Check DEMO CA.
    The default password for demo CA is password and the default CA alias name is alesdemoca.
  6. Check OES Certificates in keystore files.
  7. Check OES components.
    PD and SCM belong to the SM: provide the directory of any SSM. For example, the Java-SSM location value is BEA_HOME/ales32-ssm/java-ssm.

 


To Display SSL Handshake Information

To display additional debug messages, set the following properties for the OES Administration Server based on the container in which it is running.

On Tomcat

  1. Modify the WLESTomcat.conf file by setting the following property:
    -Djavax.net.debug=ssl
  2. Modify the log4j.properties file by setting the following property:
    log4j.logger.com.bea.security.ssl = debug

On WebLogic Server

  1. Modify the WLESWebLogic.conf file by setting the following property:
    -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
  2. Modify the log4j.properties file by setting the following property:
    log4j.logger.com.bea.security.ssl = debug
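
The following added example (not part of the original document or of the SSL Diagnosis Tool) scans output produced by -Djavax.net.debug=ssl for TLS alert lines such as bad_certificate and reports which side of the connection raised each one. The alert line format is an assumption based on the legacy JSSE debug output, and the sample log lines are constructed.

```python
import re

# Assumed legacy JSSE debug format for alert lines:
#   <thread>, SEND TLSv1 ALERT:  fatal, description = bad_certificate
#   <thread>, RECV TLSv1 ALERT:  fatal, bad_certificate
ALERT_RE = re.compile(
    r"^(?P<thread>.+?), (?P<direction>SEND|RECV) (?P<protocol>\S+) ALERT:\s+"
    r"(?P<level>fatal|warning), (?:description = )?(?P<description>\w+)\s*$"
)

# Constructed sample output, not captured from a real server.
SAMPLE_LOG = """\
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
worker-1, SEND TLSv1 ALERT:  fatal, description = bad_certificate
worker-1, called closeSocket()
main, RECV TLSv1 ALERT:  warning, close_notify
main, RECV TLSv1 ALERT:  fatal, bad_certificate
""".splitlines()


def find_alerts(lines):
    """Return one dict per TLS alert line, with its 1-based line number."""
    alerts = []
    for lineno, line in enumerate(lines, start=1):
        match = ALERT_RE.match(line.rstrip("\r\n"))
        if match:
            alerts.append({"line": lineno, **match.groupdict()})
    return alerts


def explain(alert):
    """Say which side raised the alert, which shows whose certificate to inspect."""
    if alert["direction"] == "SEND":
        side = "this JVM rejected what the peer presented"
    else:
        side = "the peer rejected what this JVM presented"
    return "line {line}: {level} {description} ({protocol}, thread {thread}): ".format(**alert) + side


def fatal_alerts(lines):
    """Fatal alerts end the handshake; warnings such as close_notify are routine."""
    return [a for a in find_alerts(lines) if a["level"] == "fatal"]


if __name__ == "__main__":
    for alert in fatal_alerts(SAMPLE_LOG):
        print(explain(alert))
```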
