- Find Answers
- :
- Splunk Platform
- :
- Splunk AppDynamics
- :
- HTTP Request failing due to self-signed cert on ta...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HTTP Request failing due to self-signed cert on target server
We are attempting to use an HTTP Request in AppDynamics to scale up/down a VM based on business transactions. The scaling is being done by CloudCenter. Unfortunately, the request is not being accepted due to the CloudCenter Manager using a self-signed cert. When testing the request, we see the following error:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Would it be possible to bypass this cert check in the AppD Controller? We've had a similar issue with Jenkins, so we were hoping to mitigate the problem with the same solution - importing the cert into the AppD Controller keystore - but we were unable to find the java installation directory to complete the necessary steps.
This is the link we were following:
https://erikzaadi.com/2011/09/09/connecting-jenkins-to-self-signed-certificated-servers/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try below steps
Choose a single format and start the uploading process. If you choose PEM, follow the steps mentioned in Scenario 1 or directly move to Scenario 2 if you have selected the PKCS#7 format.
Scenario1
Step1: Import the Root and Intermediate Certificates (CA bundle) by using the command given below:
keytool -import -trustcacerts -alias ca -file file.ca-bundle -keystore mykeystore.jks
Note: The alias name and keystore alias names should not be the same.
Step 2: Utilize the below-written code to upload the files after importing the SSL certificate:
keytool -import -trustcacerts -alias myalias -file file.crt -keystore mykeystore.jks
Note: The alias and keystore alias names should be the same.
Scenario2:
Step 1: Use the command given below to upload every single file in one go:
keytool -import -trustcacerts -alias myalias -file file.p7b -keystore mykeystore.jks
The alias attribute must match the alias set for your keystore.
Note: You will be prompted to enter the keystore password and ensure that the attribute – myalias, matches the alias set for your keystore. (If you have doubts, use this command: “keytool -list -v -keystore mykeystore.jks” to see the alias name.)
Check this one https://cheapsslweb.com/resources/how-to-install-an-ssl-certificate-on-glassfish if you still facing the issues
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Andrew,
The AppDynamics Controller is GlassFish. I found some generic instructions for installing a SSL certificate on a GlassFish appserver.
The command line to import the cert will looks something like this:
keytool -import -trustcacerts -alias s1as -file "/opt/AppDynamics/Controller/appserver/glassfish/domains/domain1/config/certnew.cer" -keystore "/opt/AppDynamics/Controller/appserver/glassfish/domains/domain1/config/keystore.jks"
Regards,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We actually attempted to do this last night. Unfortunately, following these steps results in the AppD Controller crashing.
Here are the steps we followed:
- Copy public.key and public.crt to the /tmp directory on the AppD machine.
- keytool -import -trustcacerts -alias ccm -file public.crt -keystore /usr/local/appdynamics/AppDPlatform/controller/appserver/glassfish/domains/domain1/config/keytool.jks
- Answer “Yes”
- Stop Controller
- Start Controller
However, once the Controller came back from the reboot, we could never get back into the GUI. The closest error we could get from the logs was:
ConfigurationChannel - Could not connect to the controller/invalid response from controller, cannot get initialization information, controller host [localhost], port[443], exception [Fatal transport error while connecting to URL [/controller/instance/0/applicationConfiguration]]
Any more thoughts? FWIW, this is what we did on the CCM to create the cert:
- openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx-private-selfsigned.key -out nginx-private-selfsigned.crt
- Answer questions. Most importantly the Common Name question - give it the (public in this case) IP of the server in question.
Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts
Video | Tom’s Smartness Journey Continues
3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?
