KB-2115 How to enable SSL debug logs

DISCLAIMER: Enabling this logging may reveal sensitive information in the log. This configuration should not be used in production systems.

Purpose

This article provides instructions on how to enable SSL debug logging in the application server log in order to troubleshoot certificate issues.

Instructions

Tomcat

Open the setenv.(sh|bat) file located in <APPIAN_HOME>/tomcat/apache-tomcat/bin.

Near the top of the file there is a list of export/set CATALINA_OPTS statements where each line starts with the following:

  • Linux (.sh): export CATALINA_OPTS="$CATALINA_OPTS
  • Windows (.bat): set CATALINA_OPTS=%CATALINA_OPTS%

Add the following text on a new line at the bottom of the list:

20.1 and earlier

  • Linux (.sh): export CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.debug=ssl"
  • Windows (.bat): set CATALINA_OPTS=%CATALINA_OPTS% -Djavax.net.debug=ssl

20.2 and later

  • Linux (.sh): export CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.debug=ssl:handshake"
  • Windows (.bat): set CATALINA_OPTS=%CATALINA_OPTS% -Djavax.net.debug=ssl:handshake

Then save the file and restart the Tomcat process.

JBoss

Add the following to the CUSTOM_JAVA_OPTS variable in standalone.custom.(sh|bat) <JBOSS_HOME>/bin:

-Djavax.net.debug=ssl:handshake

Then restart the JBoss process.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: October 2021

Related
Recommended