Sorry, David. It looks like there are new options for javax.net.debug they
were introduced after I was messing with this. Try
-Djavax.net.debug=all
and see what you get there. You might try with the site that works (with
the public CA) and see where the difference is. Here are the debugging
options so you can mess with them. I don't know if "all" gives you all of
the detail.
Good luck,
Gary
JSSE provides dynamic debug tracing support. This is similar to the
support used for debugging access control failures in the Java 2 platform.
The generic Java dynamic debug tracing support is accessed with the system
property java.security.debug, while the JSSE-specific dynamic debug tracing
support is accessed with the system property javax.net.debug.
Note: The debug utility is not an officially supported feature of JSSE.
To view the options of the JSSE dynamic debug utility, use the following
command-line option on the java command:
-Djavax.net.debug=help
Note: If you specify the value help with either dynamic debug utility
when running a program that does not use any classes that the utility was
designed to debug, you will not get the debugging options.
Here is a complete example of how to get a list of the debug options:
java -Djavax.net.debug=help MyApp
where MyApp is an application that uses some of the JSSE classes. MyApp
will not run after the debug help information is printed, as the help code
causes the application to exit.
Here are the current options:
all turn on all debugging
ssl turn on ssl debugging
The following can be used with ssl:
record enable per-record tracing
handshake print each handshake message
keygen print key generation data
session print session activity
defaultctx print default SSL initialization
sslctx print SSLContext tracing
sessioncache print session cache tracing
keymanager print key manager tracing
trustmanager print trust manager tracing
handshake debugging can be widened with:
data hex dump of each handshake message
verbose verbose handshake message printing
record debugging can be widened with:
plaintext hex dump of record plaintext
The javax.net.debug property value must specify either all or ssl,
optionally followed by debug specifiers. You can use one or more options.
You do not have to have a separator between options, although a separator
such as ":" or "," helps readability. It doesn't matter what separators you
use, and the ordering of the option keywords is also not important.
Examples
* To view all debugging messages:
java -Djavax.net.debug=all MyApp
* To view the hexadecimal dumps of each handshake message, you can
type the following, where the colons are optional:
java -Djavax.net.debug=ssl:handshake:data MyApp
* To view the hexadecimal dumps of each handshake message, and to
print trust manager tracing, you can type the following, where the commas
are optional:
java -Djavax.net.debug=SSL,handshake,data,trustmanager MyApp
-----Original Message-----
From: java400-l-bounces@xxxxxxxxxxxx [mailto:java400-l-
bounces@xxxxxxxxxxxx] On Behalf Of David Gibbs
Sent: Thursday, November 08, 2007 1:10 PM
To: Java Programming on and around the iSeries / AS400
Subject: Re: Private CA 'jssecacerts' file location?
Gary L Peskin wrote:
Hmmm. Try including -Djavax.net.debug=true on your command line
invoking
your little test program and see if it produces a trace.
It does indeed.
http://code.midrange.com/ba2fc53205.html
david
--
System i ... for when you can't afford to be out of business
--
This is the Java Programming on and around the iSeries / AS400
(JAVA400-L) mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.
midrange.com
