Use tools other than the command-line tools that are provided with the PingDirectory server for performing low-level TLS debugging.
Note:
If you need to use low-level debugging options, enable the Java Virtual Machine (JVM)'s support for TLS debugging. Many of the command-line tools that are provided with the PingDirectory server, such as ldapsearch, offer an --enableSSLDebugging argument that simplifies this process.
The next time the tool is run, an output is generated detailing the TLS-related processing that the JVM is performing. You and the Ping Identity support team can use the output to identify the issue.