Sorry, David. It looks like there are new options for javax.net.debug they
were introduced after I was messing with this. Try

-Djavax.net.debug=all

and see what you get there. You might try with the site that works (with
the public CA) and see where the difference is. Here are the debugging
options so you can mess with them. I don't know if "all" gives you all of
the detail.

Good luck,
Gary

JSSE provides dynamic debug tracing support. This is similar to the
support used for debugging access control failures in the Java 2 platform.
The generic Java dynamic debug tracing support is accessed with the system
property java.security.debug, while the JSSE-specific dynamic debug tracing
support is accessed with the system property javax.net.debug.

Note: The debug utility is not an officially supported feature of JSSE.

To view the options of the JSSE dynamic debug utility, use the following
command-line option on the java command:

-Djavax.net.debug=help

Note: If you specify the value help with either dynamic debug utility
when running a program that does not use any classes that the utility was
designed to debug, you will not get the debugging options.

Here is a complete example of how to get a list of the debug options:

java -Djavax.net.debug=help MyApp

where MyApp is an application that uses some of the JSSE classes. MyApp
will not run after the debug help information is printed, as the help code
causes the application to exit.

Here are the current options:

all turn on all debugging
ssl turn on ssl debugging

The following can be used with ssl:
record enable per-record tracing
handshake print each handshake message
keygen print key generation data
session print session activity
defaultctx print default SSL initialization
sslctx print SSLContext tracing
sessioncache print session cache tracing
keymanager print key manager tracing
trustmanager print trust manager tracing

handshake debugging can be widened with:
data hex dump of each handshake message
verbose verbose handshake message printing

record debugging can be widened with:
plaintext hex dump of record plaintext

The javax.net.debug property value must specify either all or ssl,
optionally followed by debug specifiers. You can use one or more options.
You do not have to have a separator between options, although a separator
such as ":" or "," helps readability. It doesn't matter what separators you
use, and the ordering of the option keywords is also not important.
Examples

* To view all debugging messages:

java -Djavax.net.debug=all MyApp

* To view the hexadecimal dumps of each handshake message, you can
type the following, where the colons are optional:

java -Djavax.net.debug=ssl:handshake:data MyApp

* To view the hexadecimal dumps of each handshake message, and to
print trust manager tracing, you can type the following, where the commas
are optional:

java -Djavax.net.debug=SSL,handshake,data,trustmanager MyApp


-----Original Message-----
From: java400-l-bounces@xxxxxxxxxxxx [mailto:java400-l-
bounces@xxxxxxxxxxxx] On Behalf Of David Gibbs
Sent: Thursday, November 08, 2007 1:10 PM
To: Java Programming on and around the iSeries / AS400
Subject: Re: Private CA 'jssecacerts' file location?

Gary L Peskin wrote:
Hmmm. Try including -Djavax.net.debug=true on your command line
invoking
your little test program and see if it produces a trace.

It does indeed.

http://code.midrange.com/ba2fc53205.html

david


--
System i ... for when you can't afford to be out of business
--
This is the Java Programming on and around the iSeries / AS400
(JAVA400-L) mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.