Debugging SSL

From wiki.kungfootek.net

Java SSL Debuggery

Use case: new Tomcat SSL certificates, moving from SHA-1 to SHA-256, installed on the servers themselves, with SSL not terminated at the load balancers. Browsers were happy with the connection, but Java clients connecting to the Java SSL endpoints were refusing to connect.


SSLPoke started with Atlassian. If you just want to start testing, it's easiest to get it from the Atlassian website (Direct Download): right-click, 'copy link address', and use the link with wget to download it directly to the server you want to test from.


java SSLPoke <host> <port>

Java has a TRUST Store and a separate KEY store.

java -Djavax.net.ssl.trustStore=<Path to TRUST Store> SSLPoke <host> <port>

Java Debug:

java -Djavax.net.ssl.trustStore=<Path to TRUST Store> -Djavax.net.debug=ssl SSLPoke <host> <port>
or:
java -Djavax.net.ssl.trustStore=<Path to TRUST Store> -Djavax.net.debug=ssl:trustmanager SSLPoke <host> <port>