Note:

If you need to use low-level debugging options, enable the Java Virtual Machine (JVM)'s support for TLS debugging. Many of the command-line tools that are provided with PingDirectory Server, such as ldapsearch, offer an --enableSSLDebugging argument that simplifies this process.

  1. In the config/java.properties file, add the following line to the set of properties for the appropriate tool.
    -Djavax.net.debug=all
  2. For the changes to take effect, run the bin/dsjavaproperties command.

The next time the tool is run, an output is generated detailing the TLS-related processing that the JVM is performing. You and the Ping Identity support team can use the output to identify the issue.