Some unexpected behavior is observed in a TIBCO Streaming application, which may related to Java security settings. How can we get more detailed logging on activities relating to Java security?
 

The Java security settings are configured under $STREAMBASE_HOME/jdk/conf/security/java.security. To enable debug logging for the java.security configuration, set the 'java.security.debug' system property.

For example, set -Djava.security.debug=certpath to validate information on certificates used by the application. Sample debug output:
 

com.tibco.ep.dtm.stderr: certpath: X509CertSelector.match(SN: 66c9fcf99bf8c0a39e2f0788a43e696365bca
com.tibco.ep.dtm.stderr:   Issuer: CN=Amazon Root CA 1, O=Amazon, C=US
com.tibco.ep.dtm.stderr:   Subject: CN=Amazon Root CA 1, O=Amazon, C=US)
com.tibco.ep.dtm.stderr: certpath: X509CertSelector.match returning: true
com.tibco.ep.dtm.stderr: certpath: YES - try this trustedCert
com.tibco.ep.dtm.stderr: certpath: anchor.getTrustedCert().getSubjectX500Principal() = CN=Amazon Root CA 1, O=Amazon, C=US
com.tibco.ep.dtm.stderr: certpath: AlgorithmChecker.contains: SHA256withRSA
com.tibco.ep.dtm.stderr: certpath: AnchorCertificate.contains: matched CN=Amazon Root CA 1, O=Amazon, C=US

Set -Djava.security.debug=configfile to troubleshoot issues relating to a JAAS configuration (as used, for example, when using Kerberos SASL/SSL authentication).

Set -Djava.security.debug=keystore to get more details on any keystores being used by the application. Sample debug output:
 

com.tibco.ep.dtm.stderr: keystore: JavaKeyStore load: private key count: 0. trusted key count: 93
com.tibco.ep.dtm.stderr: keystore: Loaded a keystore in JKS format

Set -Djava.security.debug=pkcs12 to troubleshoot issues relating to key/trust stores in pkcs12 (*.p12) format.

For more details, follow Oracle's guidance on troubleshooting security-related issues.
 

Discusses debug options for issues relating to the java.security settings for a TIBCO Streaming application.