To debug Tomcat, change the logging-level for 'org.apache.tomcat.util.net' to DEBUG.
To debug JSSE, include the option '-Djavax.net.debug=ssl' on the command line. "Michael Jeffrey Tucker" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > > I am still trying to figure out what is going wrong with my client-side > authentication. I've started using the OpenSSL command line tool to debug, > rather than a web browser. From the command line I am running: > > OpenSSL> s_client -connect localbox:8443 -cert client.pem -CAfile ca.pem > -state > > Which open an SSL connection to my Tomcat connector port, with the > provided clientside cert and the cert for my CA. I am getting the > following output: > > Loading 'screen' into random state - done > CONNECTED(000002CC) > SSL_connect:before/connect initialization > SSL_connect:SSLv2/v3 write client hello A > SSL_connect:SSLv3 read server hello A > depth=1 > /C=US/ST=Ma/L=Camb/O=MyCompany/OU=MyGroup/CN=ENDECA-CA/[EMAIL PROTECTED] > verify return:1 > depth=0 > /C=US/ST=Ma/O=MyCompany/OU=MyGroup/CN=localbox > verify return:1 > SSL_connect:SSLv3 read server certificate A > SSL_connect:SSLv3 read server key exchange A > SSL_connect:SSLv3 read server certificate request A > SSL_connect:SSLv3 read server done A > SSL_connect:SSLv3 write client certificate A > SSL_connect:SSLv3 write client key exchange A > SSL_connect:SSLv3 write certificate verify A > SSL_connect:SSLv3 write change cipher spec A > SSL_connect:SSLv3 write finished A > SSL_connect:SSLv3 flush data > SSL_connect:error in SSLv3 read finished A > SSL_connect:error in SSLv3 read finished A > write:errno=10054 > > But I can't figure out how to find a log of what is happening on the other > side. I am using Tomcat 4.0.1 on a RedHat 7.3 system, but I don't know > where to look to find the JSSE output. I have looked at the tomcat log > files, and the catalina_log shows "The incoming request has been awaited" > and "The incoming request has been assigned", but there is nothing in my > access log or anything at all related to SSL or JSSE. > > If you have any suggestions on how to debug this problem, please let me > know. > > Thanks, > Mike --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
