Troubleshooting SSL connection problems

IBMStreams streamsx.elasticsearch Toolkit > com.ibm.streamsx.elasticsearch 2.1.10 > Troubleshooting SSL connection problems

If you encounter problems connecting to an SSL/TLS server, use the following parameters to diagnose the problem.

NOTE: These parameters should only be used for debugging and must not be used in production environments, as they constitute serious security holes.

  • sslDebug: this causes all debug information from the Java SSL/TLS layer to be dumped to the console log.
  • sslTrustAllCertificates: you can use this parameter to detect the following situations:
    • The server uses a self-signed certificate, which is not trusted by your default Java runtime.
    • The server certificate is signed by a certification authority that is not trusted by default by your Java runtime.
    • The server's certificate chain contains an untrusted certificate.

    You can list the trusted certificate authorities in your Java runtime by using the keytool command, for example:

    keytool -keystore "$JAVA_HOME/jre/lib/security/cacerts" -list -storepass changeit

  • sslVerifyHostname: if the certificate chain is valid but the certificate does not contain the hostname of the server, you can use this parameter to temporarily disable hostname verification.
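
The situations listed above can also be told apart without switching any check off. The following is an added example, not part of the toolkit or its documentation: it assumes the openssl command-line tool (1.1.1 or later) and a server certificate already saved as a PEM file, and all hostnames, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not toolkit code. Assumes the openssl CLI (1.1.1 or later);
# hostnames, file names and function names are constructed for illustration.

# make_test_cert DIR NAME: constructed self-signed certificate with SAN=NAME.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# diagnose CERT TRUST_BUNDLE HOSTNAME
# Prints one of: untrusted | hostname-mismatch | ok
diagnose() {
    # Chain check: trust only TRUST_BUNDLE, not the system default store.
    if ! openssl verify -no-CAfile -no-CApath -CAfile "$2" "$1" \
            >/dev/null 2>&1; then
        echo untrusted          # what sslTrustAllCertificates would hide
        return 0
    fi
    # Name check: openssl reports "does match" or "does NOT match".
    if ! openssl x509 -in "$1" -noout -checkhost "$3" \
            | grep -q 'does match'; then
        echo hostname-mismatch  # what disabling hostname verification hides
        return 0
    fi
    echo ok
}

# Demo on constructed certificates; nothing here contacts a server.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/server" "$tmp/other"
    make_test_cert "$tmp/server" es.example.test
    make_test_cert "$tmp/other" other.example.test
    diagnose "$tmp/server/cert.pem" "$tmp/other/cert.pem" es.example.test
    diagnose "$tmp/server/cert.pem" "$tmp/server/cert.pem" wrong.example.test
    diagnose "$tmp/server/cert.pem" "$tmp/server/cert.pem" es.example.test
    rm -rf "$tmp"
}
demo
```

When the result is `untrusted`, the lasting fix is to add the server or CA certificate to the truststore your Java runtime uses (for example with `keytool -importcert`) and then remove the debugging parameters.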