ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Troublshooting SSL Certificate Trust issues with Endpoints. - How to enable additional SSL logging for JCS connector server.

book

Article ID: 239492

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

Establishing a connection to a secure SSL endpoint depends on a trust to be established between the sending and receiving app.  Typically this is as simple as exporting and importing an ssl certificate, but when this fails it can be difficult to determine why.    This doc details how to increase logging at the JCS connector server around SSL connections to aid troubleshooting. 

Environment

Identity Manager 14.3, 14.4
Identity Governance 14.3, 14.4

 

Resolution

For additional SSL related troubleshooting, enable SSL related logging for the JCS service.

In Windows based deployment, this is done by editing the registry and adding

-Djavax.net.debug=ssl:handshake:verbose

to the startup parameter via the registry key Options

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ComputerAssociates\Identity Manager\Procrun 2.0\im_jcs\Parameters\Java

 

 

In Linux based deployment, this is done by adding -Djavax.net.debug=ssl:handshake:verbose to  ../bin/im_jcs


The jcs_service_stdout.log should include additional SSL related details which could be used for troubleshooting

Attachments