We are attempting to use an HTTP Request in AppDynamics to scale up/down a VM based on business transactions. The scaling is being done by CloudCenter. Unfortunately, the request is not being accepted due to the CloudCenter Manager using a self-signed cert. When testing the request, we see the following error:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Would it be possible to bypass this cert check in the AppD Controller? We've had a similar issue with Jenkins, so we were hoping to mitigate the problem with the same solution - importing the cert into the AppD Controller keystore - but we were unable to find the java installation directory to complete the necessary steps.
This is the link we were following:
https://erikzaadi.com/2011/09/09/connecting-jenkins-to-self-signed-certificated-servers/
Try below steps
Choose a single format and start the uploading process. If you choose PEM, follow the steps mentioned in Scenario 1 or directly move to Scenario 2 if you have selected the PKCS#7 format.
Scenario1
Step1: Import the Root and Intermediate Certificates (CA bundle) by using the command given below:
keytool -import -trustcacerts -alias ca -file file.ca-bundle -keystore mykeystore.jks
Note: The alias name and keystore alias names should not be the same.
Step 2: Utilize the below-written code to upload the files after importing the SSL certificate:
keytool -import -trustcacerts -alias myalias -file file.crt -keystore mykeystore.jks
Note: The alias and keystore alias names should be the same.
Scenario2:
Step 1: Use the command given below to upload every single file in one go:
keytool -import -trustcacerts -alias myalias -file file.p7b -keystore mykeystore.jks
The alias attribute must match the alias set for your keystore.
Note: You will be prompted to enter the keystore password and ensure that the attribute – myalias, matches the alias set for your keystore. (If you have doubts, use this command: “keytool -list -v -keystore mykeystore.jks” to see the alias name.)
Check this one https://cheapsslweb.com/resources/how-to-install-an-ssl-certificate-on-glassfish if you still facing the issues
Hi Andrew,
The AppDynamics Controller is GlassFish. I found some generic instructions for installing a SSL certificate on a GlassFish appserver.
The command line to import the cert will looks something like this:
keytool -import -trustcacerts -alias s1as -file "/opt/AppDynamics/Controller/appserver/glassfish/domains/domain1/config/certnew.cer" -keystore "/opt/AppDynamics/Controller/appserver/glassfish/domains/domain1/config/keystore.jks"
Regards,
We actually attempted to do this last night. Unfortunately, following these steps results in the AppD Controller crashing.
Here are the steps we followed:
However, once the Controller came back from the reboot, we could never get back into the GUI. The closest error we could get from the logs was:
ConfigurationChannel - Could not connect to the controller/invalid response from controller, cannot get initialization information, controller host [localhost], port[443], exception [Fatal transport error while connecting to URL [/controller/instance/0/applicationConfiguration]]
Any more thoughts? FWIW, this is what we did on the CCM to create the cert: