Tomcat fails to present a web page when SSL is configured. How can I get debug information at the Tomcat level?

Document ID : KB000013258
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

It is possible to configure Tomcat for SSL so that certificates are used by the web browser via https. 

If problems are encountered after following the guidance for implementing SSL with Tomcat, it may be useful to gather debug information from Tomcat for more information to help with root cause analysis.

Question:

How can I configure CA Service Desk Manager to collect debug information from Tomcat for SSL-related problems?

Environment:
CA Service Desk Manager - ALL versions
Answer:

As per best practices, then make a backup of any files that are to be changed. In this case, make a backup copy of the NX.env file.

Edit the NX.env file.  Add one of the following parameters to the appropriate"JAVA_OPTIONS" environment variable in the NX.env file:

-Djavax.netdebug=ssl,handshake

-Djavax.net.debug=ssl

-Djavax.net.debug=all

For example, change:

@NX_JAVA_OPTIONS=-Djava.net.preferIPv4Stack=false -Xms64M -Xmx1024M

to:

@NX_JAVA_OPTIONS=-Djava.net.preferIPv4Stack=false -Xms64M -Xmx1024M -Djavax.net.debug=all

Save the file.

Restart Tomcat by running "pdm_tomcat_nxd -c STOP", waiting a minute or two, and then running "pdm_tomcat_nxd -c START".

The addition of the parameter to the options causes additional messages to be written to the $NX_ROOT\log\jsrvr.log file.

(If you may want the change to persist, make the same change to the NX.env_nt.tpl file.)

Remove the added parameter from the environment variable and recycle Tomcat as soon as it is no longer needed, so that any potential performance impact of writing the additional debug messages is avoided.

Additional Information:

Several "JAVA_OPTIONS" environment variables exist in the NX.env file of a CA Service Desk Manager server environment.  The environment variables are apply to different Tomcat instances.

For example, in an out-of-the-box CA Service Desk Manager environment, the statements in the NX.env file are:

@NX_JAVA_OPTIONS=-Djava.net.preferIPv4Stack=false -Xms64M -Xmx512M

@NX_JAVA_OPTIONS_REST=-Djava.net.preferIPv4Stack=false -Xms64M -Xmx512M -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Dfile.encoding=UTF-8

@NX_JAVA_OPTIONS_FS=-Djava.net.preferIPv4Stack=false -Xms64M -Xmx512M -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Dfile.encoding=UTF-8

@NX_JAVA_OPTIONS_VIZ=-Djava.net.preferIPv4Stack=false -Xms64M -Xmx1024M

The above 4 environment variables pertain to the SERVICEDESK Tomcat, REST Tomcat, Federated Search (FS) Tomcat, and Visualizer (VIZ) Tomcat.

There may be more or less entries, depending on the release/version of CA Service Desk Manager in the environment. 

The NX.env file exists in CA Service Desk Manager base installation directory on the server, $NX_ROOT.  To navigate to that directory, in a Windows environment, open a Command Prompt window and type "nxcd".

The NX.env_nt.ptl file exists in the $NX_ROOT\pdmconf directory.

TEC442708 Is it possible to recycle Tomcat without restarting the entire Service Desk Manager application?

TEC587823 Configuring SSL for Tomcat with CA Service Desk Manager

TEC1659789 Enable SSL in Tomcat for CA Service Desk Manager using Self-Signed Certificate