It is possible to configure Tomcat for SSL so that certificates are used by the web browser via https. 

If problems are encountered after following the guidance for implementing SSL with Tomcat, it may be useful to gather debug information from Tomcat for more information to help with root cause analysis.

How can I configure CA Service Desk Manager to collect debug information from Tomcat for SSL-related problems?

As per best practices, then make a backup of any files that are to be changed. In this case, make a backup copy of the NX.env file.

Edit the NX.env file.  Add one of the following parameters to the appropriate"JAVA_OPTIONS" environment variable in the NX.env file:

-Djavax.netdebug=ssl,handshake

-Djavax.net.debug=ssl

-Djavax.net.debug=all

For example, change:

@NX_JAVA_OPTIONS=-Djava.net.preferIPv4Stack=false -Xms64M -Xmx1024M

to:

@NX_JAVA_OPTIONS=-Djava.net.preferIPv4Stack=false -Xms64M -Xmx1024M -Djavax.net.debug=all

Save the file.

Restart Tomcat by running "pdm_tomcat_nxd -c STOP", waiting a minute or two, and then running "pdm_tomcat_nxd -c START".

The addition of the parameter to the options causes additional messages to be written to the $NX_ROOT\log\jsrvr.log file.

(If you may want the change to persist, make the same change to the NX.env_nt.tpl file.)

Remove the added parameter from the environment variable and recycle Tomcat as soon as it is no longer needed, so that any potential performance impact of writing the additional debug messages is avoided.