When you are working with Glassfish (like I am doing now), you might need to capture your HTTPS traffic. In an earlier post, I explained how to capture and decrypt any SSL/TLS traffic, as long as you have the server private key.
While this method is quite effective and universal, it is still a little cumbersome, especially since the actual SSL decoder in Wireshark is not yet fully integrated into the analyzer itself.
For Sun’s Glassfish application server, there is a fairly simple way to monitor any web services HTTPS traffic:
simply go into the domain.xml file of your domain and add the following <jvm-options>:
The server.log (in <installRoot>/domains/domain1/logs) will then contain the fully assembled web services exchanges.