Question & Answer
Question
How do you enable SSL debug logging for the Message Bus probe?
Answer
You can add SSL handshake debug logging to the Message Bus probe's environment file.
For example:
cd $NCHOME/omnibus/probes/java
vi nco_p_message_bus.env
# SSL Handshake logging
# NCO_JPROBE_JAVA_FLAGS="-Djavax.net.debug=ssl:handshake:verbose $NCO_JPROBE_JAVA_FLAGS"
# Full handshake logging
NCO_JPROBE_JAVA_FLAGS="-Djavax.net.debug=all:handshake:verbose $NCO_JPROBE_JAVA_FLAGS"
echo "NCO_JPROBE_JAVA_FLAGS=$NCO_JPROBE_JAVA_FLAGS"
# EOF
The SSL detail will be logged to the standard output stream.
Redirect the messages or use typescript to capture the new logging.
For example:
cd $NCHOME/omnibus/probes
./nco_p_message_bus -propsfile ./message_bus.props > $NCHOME/omnibus/log/message_bus.ssl.log
For quick checks of the SSL log use these commands:
Found certificates:
grep -i found $NCHOME/omnibus/log/message_bus.ssl.log
found key for : <FQD>
SSL logging:
grep '\*\*\*' $NCHOME/omnibus/log/message_bus.ssl.log
*** ClientHello, TLSv1.2
*** ServerHello, TLSv1.2
*** Certificate chain
*** ECDH ServerKeyExchange
*** ServerHelloDone
*** ECDHClientKeyExchange
*** Finished
*** Finished
Common Names:
grep 'CN=' $NCHOME/omnibus/log/message_bus.ssl.log
Subject: CN=<FQDN>, OU=Tivoli, O=Netcool, L=New York, ST=New York, C=US
Issuer: EMAILADDRESS=root@<FQDN>, CN=<FQDN>, OU=Tivoli, O=IBM, L=New York, ST=New York, C=US
TLS protocol:
grep -i tls $NCHOME/omnibus/log/message_bus.ssl.log
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
...
*** ClientHello, TLSv1.2
*** ServerHello, TLSv1.2
...
Enabling the transport debug logging can add more detail.
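The quick checks above combined into one script, as an added example that is not part of the original technote. It assumes the Java 8 style javax.net.debug output quoted above and a log holding a single handshake; the function names and the sample hostname probe.example.com are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise a Java 8 style javax.net.debug handshake log.

# Print the protocol version from the first ServerHello, e.g. "TLSv1.2".
negotiated_protocol() {
    sed -n 's/^\*\*\* ServerHello, \(TLSv[0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Succeed only if a ServerHello was seen and both peers sent Finished.
handshake_completed() {
    hello=$(grep -c '^\*\*\* ServerHello' "$1") || true
    finished=$(grep -c '^\*\*\* Finished' "$1") || true
    [ "$hello" -ge 1 ] && [ "$finished" -ge 2 ]
}

# Print the CN from each certificate Subject line, one per line.
subject_cns() {
    sed -n 's/.*Subject: CN=\([^,]*\),.*/\1/p' "$1"
}

# Write a constructed sample log (hostname is a placeholder) to file $1.
write_sample_log() {
    cat > "$1" <<'EOF'
found key for : probe.example.com
*** ClientHello, TLSv1.2
*** ServerHello, TLSv1.2
*** Certificate chain
  Subject: CN=probe.example.com, OU=Tivoli, O=Netcool, L=New York, ST=New York, C=US
*** ECDH ServerKeyExchange
*** ServerHelloDone
*** ECDHClientKeyExchange
*** Finished
*** Finished
EOF
}

# Print a short report; return non-zero if the handshake did not complete.
ssl_log_summary() {
    echo "protocol:  $(negotiated_protocol "$1")"
    echo "subjects:  $(subject_cns "$1" | tr '\n' ' ')"
    if handshake_completed "$1"; then
        echo "handshake: completed"
    else
        echo "handshake: INCOMPLETE"
        return 1
    fi
}
```

After sourcing the file, run ssl_log_summary $NCHOME/omnibus/log/message_bus.ssl.log; a log that stops before the two Finished messages is reported as INCOMPLETE.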
Document Information
Modified date: 22 July 2024
UID: ibm16490875