--- title: Using low-level TLS debugging description: Use tools other than the command-line tools that are provided with the PingDirectory server for performing low-level TLS debugging. component: pingdirectory version: 11.0 page_id: pingdirectory:managing_servers_and_certificates:pd_ds_low_level_tls_debugging canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/managing_servers_and_certificates/pd_ds_low_level_tls_debugging.html revdate: August 12, 2024 section_ids: before-you-begin: Before you begin steps: Steps next-steps: Next steps --- # Using low-level TLS debugging Use tools other than the command-line tools that are provided with the PingDirectory server for performing low-level TLS debugging. ## Before you begin | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you need to use low-level debugging options, enable the Java Virtual Machine (JVM)'s support for TLS debugging. Many of the command-line tools that are provided with the PingDirectory server, such as `ldapsearch`, offer an `--enableSSLDebugging` argument that simplifies this process. | ## Steps 1. In the `config/java.properties` file, add the following line to the set of properties for the appropriate tool. ``` -Djavax.net.debug=all ``` 2. For the changes to take effect, run the `bin/dsjavaproperties` command. ## Next steps The next time the tool is run, an output is generated detailing the TLS-related processing that the JVM is performing. You and the Ping Identity support team can use the output to identify the issue.