If you are experiencing issues with establishing an SSL mainframe connection, then you can enable tracing to help debug the issues. Tracing can be enabled through the Consolidated Tracing Facility (CTF).
To enable tracing you need to add ccitrace-base and ccitcp-base elements to your CCI.INI file; for example:
[ccitcp-targets] CCITCPT_CSIMVSSSL=,MFCONN:SSL:"C:\SSL\CSIMVS-root-cert.pem":"C:\SSL\CSIMVS-MYUSER-cert.pem"::"C:\SSL\CSIMVS-MYUSER-key.der":A1B2C3D4,MFNODE:CSIMVS,MFPORT:20201 [ccitrace-base] force_trace_on=yes data_trace=yes protocol_trace=yes internal_net_api=yes trace_file_name=ccitrc [ccitcp-base] ssl_display_cipher=yes ssl_display_cert=yes ssl_display_cert_fail_report=yes ssl_display_cert_connection_details=yes ssl_display_options_on=yes ssl_display_destination=c:\SSL\ssltrc.txt
For ssl_display_destination, you need to specify an absolute non-spacey path to a location that you have write permissions to. This defines the file and location containing the log information for your SSL usage.
Create a ctf.cfg file in a non-spacey path location containing the following:
## MFTRACE configuration file mftrace.emitter.es#level = 99999 mftrace.emitter.textfile#location = c:\SSL\ctf mftrace.emitter.textfile#Format = $(TIME) $(THREAD) $(COMPONENT) $(EVENT) $(LEVEL) :$(DATA) mftrace.level.mf.cci = info mftrace.level = debug
For the mftrace.emitter.textfile#location, you need to specify a non-spacey location that you have write permissions for. This defines the folder where your CTF output is written to.
From an Enterprise Developer command prompt, set the MFTRACE_CONFIG environment variable to the location of your ctf.cfg file; for example, enter:
set MFTRACE_CONFIG=C:\SSL\ctf.ctg
If you now open mfdasmx.exe or eclipse.exe in an Enterprise Developer command prompt, tracing is enabled. You can use the CTF trace to diagnose issues with the SSL mainframe connection.