How can I test an SSL certificate without disrupting a real service?
This knowledge article may contain information that does not apply to version 21.05 or later which runs in a container environment. Please refer to Article Number 000385088 for more information about troubleshooting BMC products in containers.
Using the attached command-line tool, you can publish a dummy HTTP service that provides an SSL tunnel using key pairs, as in a real-life scenario.
java -jar TestSslServer.jar PORT SSL_PROTOCOL KeyStore ksPassword TrustStore tsPassword CLIENT_AUTH
An example using real values:
java -jar TestSslServer.jar 11443 TLSv1.2 my.jks password my.jks password false > log.txt
This opens port 11443 using TLS 1.2 and the specified keystore and truststore. The false flag means client certificates are not required, and the output is redirected to log.txt.
Once the TestSSLService is up and running, you can connect a browser, Fiddler or TestHttpClient to test whether the certificate is valid from a client perspective.
This should help prevent issues when a new certificate is issued and we are unsure if it would be valid.
log.txt will include the standard javax.net.debug=all output, which is useful for understanding any SSL problems. If a problem is detected, talk with your internal security and SSL manager to understand what the issue may be.
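For the client-side check described above, a small Java client can connect to the test service and report what it was presented with. This is an added example, not the BMC TestHttpClient or code from this article; the class name CheckTestCert is hypothetical, and the default host, port, truststore and password are assumptions taken from the sample command.

```java
// Added example (not a BMC tool). Defaults mirror the sample command above.
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class CheckTestCert {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 11443;
        String trustStore = args.length > 2 ? args[2] : "my.jks";
        char[] tsPassword = (args.length > 3 ? args[3] : "password").toCharArray();

        // Trust only the CAs in the supplied truststore, as the real client would.
        KeyStore ts = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(trustStore)) {
            ts.load(in, tsPassword);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setProtocols(new String[] {"TLSv1.2"});
            // A raw SSLSocket does not check the hostname unless asked to.
            p.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(p);
            // Fails on an untrusted chain, an expired certificate or a name mismatch.
            s.startHandshake();

            SSLSession session = s.getSession();
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            long daysLeft =
                (leaf.getNotAfter().getTime() - System.currentTimeMillis()) / 86_400_000L;
            System.out.println("Protocol : " + session.getProtocol());
            System.out.println("Cipher   : " + session.getCipherSuite());
            System.out.println("Subject  : " + leaf.getSubjectX500Principal().getName());
            System.out.println("Issuer   : " + leaf.getIssuerX500Principal().getName());
            System.out.println("SANs     : " + leaf.getSubjectAlternativeNames());
            System.out.println("Expires  : " + leaf.getNotAfter() + " (" + daysLeft + " days left)");
        } catch (SSLHandshakeException e) {
            System.err.println("Handshake failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Run it with the hostname the certificate was issued for as the first argument; against localhost the name check fails unless the certificate lists localhost as a subject alternative name.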