Blog Viewer

Tech Tip : CA Single Sign-On :Administrative UI : How to enable SSL Debugging

By Ujwol posted 12-13-2016 06:25 PM

  

Introduction

How to enable SSL Debugging in Admin UI ?

Instructions

The SSL Debugging can be enabled by adding following to the JVM startup option : -Djavax.net.debug=all.

This can be done as following :

 

R12.52SP2

Modify the standalone.bat located at <AdminUI_Install_Directory>\adminui\bin as follow :

Change :

 

:RESTART

rem if x%XLOGGC% == x (

  "%JAVA%" %JAVA_OPTS% ^

   "-Dorg.jboss.boot.log.file=%JBOSS_LOG_DIR%\server.log" ^

   "-Dlogging.configuration=file:%JBOSS_CONFIG_DIR%/logging.properties" ^

      -jar "%JBOSS_HOME%\jboss-modules.jar" ^

      -mp "%JBOSS_MODULEPATH%" ^

      -jaxpmodule "javax.xml.jaxp-provider" ^

       org.jboss.as.standalone ^

      "-Djboss.home.dir=%JBOSS_HOME%" ^

       %SERVER_OPTS%

 

To,

:RESTART

rem if x%XLOGGC% == x (

  "%JAVA%" %JAVA_OPTS% ^

   "-Dorg.jboss.boot.log.file=%JBOSS_LOG_DIR%\server.log" ^

   "-Djavax.net.debug=all" ^

   "-Dlogging.configuration=file:%JBOSS_CONFIG_DIR%/logging.properties" ^

      -jar "%JBOSS_HOME%\jboss-modules.jar" ^

      -mp "%JBOSS_MODULEPATH%" ^

      -jaxpmodule "javax.xml.jaxp-provider" ^

       org.jboss.as.standalone ^

      "-Djboss.home.dir=%JBOSS_HOME%" ^

       %SERVER_OPTS%

 

R12.52SP1 and below

Modify the run.bat located at <AdminUI_Install_Directory>\adminui\bin as follow :

Change :

:RESTART

"%JAVA%" %JAVA_OPTS% ^

   -Djava.endorsed.dirs="%JBOSS_ENDORSED_DIRS%" ^

   -classpath "%JBOSS_CLASSPATH%" ^

   org.jboss.Main %*

 

To,

 

:RESTART

"%JAVA%" %JAVA_OPTS% ^

   -Djava.endorsed.dirs="%JBOSS_ENDORSED_DIRS%" ^

   -Djavax.net.debug=all ^

   -classpath "%JBOSS_CLASSPATH%" ^

   org.jboss.Main %*

3 comments
0 views

Comments

12-16-2016 03:06 PM

Hi Raja,


This is only for debugging SSL on Admin UI side, so like certificate used for SSL connection to Admin UI or the one used for LDAP for external Administrative Authentication.


I think I did test this recently by running the run.bat (on windows) and it worked for me.


What error are you getting while running run.sh?

May be open a new question/thread for it?


Regards,

Ujwol


12-16-2016 02:42 PM

Hello Ujwol,

 

I believe Admin UI is interface to communicate with policy store but the actual webagent/proxy requests will be served by policy server, how does enabling ssl debugging on wamui will help from policy server perspective or is it only limited to wamui?

 

I have tried adding exit (0) to run.sh since terminating the command is shutting down wamui and running it as background process (nohup ./run.sh &) is the only option but it did  not work since it's looking to send the value. Is there a way to start wamui and exit from shell simultaneously?

 

Thank you.

Raja Shravan

12-13-2016 06:29 PM