Secure PNC Logging

In most cases, you can inspect the DMZGatewayServer.log for log entries of interest.  

For more detailed SSL logging, edit the DMZGatewayServerService.conf file by uncommenting this line and restarting the DMZ Gateway server service:

#wrapper.java.additional.6=-Djavax.net.debug=ssl:handshake:data

This will print each SSL handshake message to the DMZGatewayServerService.log file.

Other options for javax.net.debug can be found in https://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug.

It is generally easier to troubleshoot secure PNC communication issues from the perspective of the DMZ Gateway due to the detailed logging that Java offers through that javax.net.debug option.

You can also use Wireshark to observe the communication from another perspective and/or to validate that encryption is actually being used on the channel.