How to activate ssl debug logs in a server-to-server install?

Hi,

I’m trying to debug certificate issues in a server-to-server installation where I get some cryptic messages like “null cert chain” or “No issuer certificate for certificate in certification path found” (but no certificate name is shown in the logs, and every possible certificate (cert, intermediary, root) has already been added to the trust store on both sides anyway).

I have tried to add a “-Djavax.net.debug=ssl” and even a “-Djavax.net.debug=all”, but it doesn’t change the “all.log” at all.

I’ve tried to complete log4j.xml to log “System.out” and “System.err”, but it’s not logging any SSL trace.

    <appender name="stdout" class="org.apache.log4j.RollingFileAppender">
        <param name="File" value="${openfireHome}/logs/stdout.log" />
        <param name="MaxFileSize" value="1024KB"/>
        <param name="MaxBackupIndex" value="5"/>
        <param name="Target" value="System.out"/>
        <layout class="org.apache.log4j.PatternLayout">
            <param name="ConversionPattern" value="%d{yyyy.MM.dd HH:mm:ss} %-5p [%t]: %c - %m%n" />
        </layout>
    </appender>
    <root>
        <level value="info" />
        <appender-ref ref="stdout" />
        <appender-ref ref="stderr" />
(...)
    </root>