To enable SSL trace in the SAP Cloud Connector perform following steps:
- stop SAP Cloud Connector service
- open <drive>:\sap\scc20\props.ini file with a text editor
- add JVM parameter -Djavax.net.debug=ssl to the end of #jvm section
props.ini
#jvm -XX:+HeapDumpOnOutOfMemoryError -XX:+DisableExplicitGC -Xms1024m -Xmx1024m -XX:MaxNewSize=512m -XX:NewSize=512m -XX:+UseConcMarkSweepGC -XX:TargetSurvivorRatio=85 -XX:SurvivorRatio=6 -XX:MaxDirectMemorySize=2G -Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=com.sap.scc.tomcat.utils.PropertyDigester -Dosgi.requiredJavaVersion=1.6 -Dosgi.install.area=. -DuseNaming=osgi -Dorg.eclipse.equinox.simpleconfigurator.exclusiveInstallation=false -Dcom.sap.core.process=ljs_node -Declipse.ignoreApp=true -Dosgi.noShutdown=true -Dosgi.framework.activeThreadType=normal -Dosgi.embedded.cleanupOnSave=true -Dosgi.usesLimit=30 -Djava.awt.headless=true -Dio.netty.recycler.maxCapacity.default=256 -Djavax.net.debug=ssl
- start SAP Cloud Connector service
- the SSL trace will be collected in <drive>:\sap\scc20\log\ljs_trace.log file
- when SSL tracing is finished, stop SAP Cloud Connector service
- remove the -Djavax.net.debug=ssl JVM parameter from the props.ini file.
Ensure that JVM parameter is added to a new line otherwise, it has no effect on tracing like in this case:
props.ini
#jvm ... -Djava.awt.headless=true -Dio.netty.recycler.maxCapacity.default=256-Djavax.net.debug=ssl
Since SAP Cloud Connector 2.12.2 the TLS trace can be enabled from the Cloud Connector UI:
It needs a cloud connector restart.