To use the debug log publisher:
  1. To enable the debug log publisher and set the debug target, make the following configuration changes:
    1. Run dsconfig with the create-debug-target option.
      dsconfig create-debug-target \
           --publisher-name "File-Based Debug Logger" \
           --target-name com.unboundid.directory.server.extensions.TLSConnectionSecurityProvider \
           --set debug-level:verbose
    2. Run dsconfig with the set-log-publisher-prop option.
      dsconfig set-log-publisher-prop \
           --publisher-name "File-Based Debug Logger" \
           --set enabled:true
      
    The logs/debug file captures a substantial amount of information about the TLS-related processing that the server is performing. Although this file doesn't provide as much detail as the Java virtual machine's (JVM) built-in debugging information, it might help to pinpoint the cause of the problem and to identify potential solutions.
  2. To disable the debug log publisher and remove the debug target, make the following configuration changes:
    1. Run dsconfig with the set-log-publisher-prop option.
      dsconfig set-log-publisher-prop \
           --publisher-name "File-Based Debug Logger" \
           --set enabled:false
    2. Run dsconfig with the delete-debug-target option.
      dsconfig delete-debug-target \
           --publisher-name "File-Based Debug Logger" \
           --target-name com.unboundid.directory.server.extensions.TLSConnectionSecurityProvider
      
    Tip:

    If you need to troubleshoot TLS communication with a non-Java client that does not offer its own TLS debugging mechanism, and the server-side debugging support is insufficient, use a network protocol analyzer to capture the communication between the client and the server and examine its content. The free, open-source Wireshark utility is a graphical tool that runs on a variety of platforms and provides support for understanding TLS communication. Even if you can't decipher the encrypted content, you can view at least some of the handshake messages.

    Note:

    More of the handshake is encrypted in TLS 1.3 than in earlier versions of the protocol. Although this change improves security and privacy, it might interfere with troubleshooting attempts.
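
To illustrate the Tip and Note above, the following added example (not part of the product documentation) walks the TLS record layer for one direction of a connection and lists the messages a protocol analyzer can still name without keys, which shows why a TLS 1.3 capture exposes less than a TLS 1.2 one. The two byte strings are constructed samples with zero-filled bodies; `visible_messages`, `record` and `hs` are names chosen for this example, and it assumes the handshake contains no HelloRetryRequest.

```python
import struct

# Content and handshake type codes from the TLS 1.2 / 1.3 specifications.
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 13: "certificate_request",
             14: "server_hello_done", 16: "client_key_exchange"}

def visible_messages(stream):
    """Label each TLS record sent in one direction of a connection.
    Handshake messages are named only while they travel in the clear. Records
    after change_cipher_spec, and all application_data, are opaque ciphertext.
    """
    out, hs_buf, encrypted, pos = [], b"", False, 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        pos += 5 + length
        if len(body) < length:
            out.append("truncated record")
            break
        if ctype == 22 and not encrypted:
            hs_buf += body  # messages can be coalesced or split across records
            while len(hs_buf) >= 4 and len(hs_buf) >= 4 + int.from_bytes(hs_buf[1:4], "big"):
                out.append(HANDSHAKE.get(hs_buf[0], "handshake type %d" % hs_buf[0]))
                hs_buf = hs_buf[4 + int.from_bytes(hs_buf[1:4], "big"):]
        elif ctype == 20:
            encrypted = True
            out.append("change_cipher_spec")
        elif ctype == 21 and not encrypted and length == 2:
            out.append("alert level=%d description=%d" % (body[0], body[1]))
        else:
            out.append("encrypted %s (%d bytes)" % (CONTENT.get(ctype, "unknown"), length))
    return out

def record(ctype, body):  # constructed-sample helper: wrap a body in a record header
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

def hs(mtype, n):  # constructed-sample helper: handshake header plus n zero bytes
    return bytes([mtype]) + n.to_bytes(3, "big") + bytes(n)

# Constructed server-to-client flights (zero-filled bodies, not real captures).
TLS12_SERVER = (record(22, hs(2, 40) + hs(11, 100)) + record(22, hs(14, 0))
                + record(20, b"\x01") + record(22, bytes(40)))
TLS13_SERVER = record(22, hs(2, 90)) + record(20, b"\x01") + record(23, bytes(1200))

if __name__ == "__main__":
    print("TLS 1.2:", visible_messages(TLS12_SERVER))
    print("TLS 1.3:", visible_messages(TLS13_SERVER))
```

In the TLS 1.2 sample the server's certificate message is still nameable in the capture, while in the TLS 1.3 sample everything after the ServerHello appears only as ciphertext of a given length.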