Hi Mark, Thanks for the info.
In a nutshell I think the certpath,provider would be sufficient. I'm thinking that I can add this to the java options as -Djava.security.debug=ssl:certpath,provider however I don't know how to specify where to log the information. Thanks, Dream * Excel * Explore * Inspire Jon McAlexander Senior Infrastructure Engineer Asst. Vice President He/His Middleware Product Engineering Enterprise CIO | EAS | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. > -----Original Message----- > From: Christopher Schultz <ch...@christopherschultz.net> > Sent: Friday, January 6, 2023 2:41 PM > To: users@tomcat.apache.org > Subject: Re: Basic SSL Certificate Usage logging > > Mark, > > On 1/6/23 15:00, Mark Thomas wrote: > > Hi Jon, > > > > In a word, no. Sorry. > > > > Some sort of info log message probably makes sense for this. SNI makes > > things a little more complicated but we should be able to do something. > > What is the minimum info you'd like to see? > > How about adding a request attribute with some kind of identifier (fpr? > serial-number?) in it and indicates at least which server-cert was chosen. > Then it can trivially be added to e.g. access_log or even to application code > which wants to do custom logging. > > -chris > > > On 06/01/2023 18:52, jonmcalexan...@wellsfargo.com.INVALID wrote: > >> Good afternoon and Happy New Year, > >> > >> I know about the SSL debug logging, however, I'm checking to see if > >> there is any out-of-the-box option to capture in a log which SSL > >> certificate and trust keystore is being used during startup? > >> > >> Thanks, > >> > >> Dream * Excel * Explore * Inspire > >> Jon McAlexander > >> Senior Infrastructure Engineer > >> Asst. Vice President > >> He/His > >> > >> Middleware Product Engineering > >> Enterprise CIO | EAS | Middleware | Infrastructure Solutions > >> > >> 8080 Cobblestone Rd | Urbandale, IA 50322 > >> MAC: F4469-010 > >> Tel 515-988-2508 | Cell 515-988-2508 > >> > >> > jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com> > >> This message may contain confidential and/or privileged information. > >> If you are not the addressee or authorized to receive this for the > >> addressee, you must not use, copy, disclose, or take any action based > >> on this message or any information herein. If you have received this > >> message in error, please advise the sender immediately by reply > >> e-mail and delete this message. Thank you for your cooperation. > >> > >> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org