I am having an SSL issue with APM (such as the EM or TIM.) What third-party tools can I use to debug these issues?
There are a variety of tools that one can use. Some of the more popular ones are:
1) OpenSSL Toolkit -- Use to check if the private key is correct. Helpful in verifying if SSL is enabled, with which protocol (SSLv3/TLSv1), and to pull the CA Public Certificate regardless if the server is a web server on HTTPS or a LDAP server using LDAPS (including Active Directory)
Typically, this binary is part of the operating system, or part of most solutions. No need to install.
Examples:
openssl s_client -connect hostname:port -showcerts [Great command to capture the CA Public Cert from the console, including the intermediate and root certs; no need to use other tools]
openssl s_client -connect hostname:port -ssl3 [Confirm if SSLv3 is used; this should be blocked, unless the solution is NOT able to use TLS1 or higher]
2) SSLDump -- Not updated in many years but helpful with SSL cipher suites.
3) Wireshark -- Use to see cipher suites, compression, alert codes, and CP resets.
4) Netstat -- Use to see open and hung connections.
5) Microsoft Network Monitor for Windows -- View network traffic.
6) Fiddler -- View HTTP/HTTPS from a browser perspective.
7) Keytool or Keystore Explorer for java keystores.
8) Create a CA root for testing.
9) Mozilla has a great page on SSL cipher suites.
10) Tcpreplay - to replay the traffic into the TIM with pre-loaded private key for that traffic flow.
11) SSL Server Test -- Many examples of these type of pages.
1) OpenSSL Toolkit -- https://www.openssl.org/source/ -- Linux & https://slproweb.com/products/Win32OpenSSL.html -- Windows
2) SSLDump -- http://ssldump.sourceforge.net/
3) Wireshark -- https://www.wireshark.org/
4) Netstat -- https://en.wikipedia.org/wiki/Netstat
5) Microsoft Network Monitor -- http://www.microsoft.com/en-us/download/details.aspx?id=4865
6) Fiddler -- http://www.telerik.com/fiddler
7) Keytool -- https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
Keytool Explorer -- http://keystore-explorer.sourceforge.net/
8) CA Root Tool --
https://jamielinux.com/docs/openssl-certificate-authority/
9) Mozilla SSL Cipher Suite page -- https://wiki.mozilla.org/Security/Server_Side_TLS
10) Tcpreplay -- http://tcpreplay.appneta.com/ There are many other sites.
11) SSL Server Test -- https://www.ssllabs.com/ssltest/index.html