Splunk AppDynamics

HTTP Request failing due to self-signed cert on target server

CommunityUser
Splunk Employee

We are attempting to use an HTTP Request in AppDynamics to scale up/down a VM based on business transactions.  The scaling is being done by CloudCenter.  Unfortunately, the request is not being accepted due to the CloudCenter Manager using a self-signed cert.  When testing the request, we see the following error:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Would it be possible to bypass this cert check in the AppD Controller?  We've had a similar issue with Jenkins, so we were hoping to mitigate the problem with the same solution - importing the cert into the AppD Controller keystore - but we were unable to find the java installation directory to complete the necessary steps.

This is the link we were following:

https://erikzaadi.com/2011/09/09/connecting-jenkins-to-self-signed-certificated-servers/

0 Karma

hardymervana
New Member

If your AppDynamics controller uses a self-signed SSL certificate, Splunk may fail to establish a connection due to certificate verification errors. A common fix is to import the certificate into the Java keystore used by the controller or integration layer (like GlassFish).

You can do this using the following command:

keytool -import -alias appd-cert -keystore $JAVA_HOME/lib/security/cacerts -file /path/to/your/certificate.crt

Make sure to restart the relevant service after importing the certificate. 

I have found the resource via Google Search and this will help you: https://sslinsights.com/how-to-install-ssl-certificate-on-glassfish/

0 Karma

jamesvally
Observer

The CSR is a must for installing an SSL certificate on GlassFish. After generating the CSR file, open it in a text editor such as Notepad to check for any spelling mistakes or incorrect details. Once verified, send the CSR to a Certificate Authority (CA) for validation. The time to receive your certificate will vary based on the type of validation chosen. After receiving the certificate, import it along with your private key into the GlassFish keystore. The installation steps are as follows:

1) Unzipping and extracting the file

2) Uploading the Extracted Files to the Glassfish server

3) Importing Keystore into Glassfish default Keystore

4) Entering passwords

5) Updating the Configuration on your server

If you need to understand this in more detail or are getting an error, here is an article that can be useful for you: https://certera.com/kb/how-to-install-an-ssl-certificate-on-glassfish/. Hope it helps!

0 Karma

Mann_Brenner
Engager

Try the steps below.

Choose a single format and start the uploading process. If you choose PEM, follow the steps mentioned in Scenario 1 or directly move to Scenario 2 if you have selected the PKCS#7 format. 

Scenario 1:

Step 1: Import the Root and Intermediate Certificates (CA bundle) by using the command given below:

keytool -import -trustcacerts -alias ca -file file.ca-bundle -keystore mykeystore.jks

Note: The alias name and keystore alias names should not be the same.

Step 2: Utilize the below-written code to upload the files after importing the SSL certificate:

keytool -import -trustcacerts -alias myalias -file file.crt -keystore mykeystore.jks

Note: The alias and keystore alias names should be the same.

Scenario 2:

Step 1: Use the command given below to upload every single file in one go:

keytool -import -trustcacerts -alias myalias -file file.p7b -keystore mykeystore.jks

The alias attribute must match the alias set for your keystore.

Note: You will be prompted to enter the keystore password; ensure that the attribute, myalias, matches the alias set for your keystore. (If you have doubts, use this command: “keytool -list -v -keystore mykeystore.jks” to see the alias name.)

Check this one https://cheapsslweb.com/resources/how-to-install-an-ssl-certificate-on-glassfish if you are still facing issues.

Brian_Wheeldon
Contributor

Hi Andrew,

The AppDynamics Controller is GlassFish. I found some generic instructions for installing a SSL certificate on a GlassFish appserver.

The command line to import the cert will look something like this:

keytool -import -trustcacerts -alias s1as -file "/opt/AppDynamics/Controller/appserver/glassfish/domains/domain1/config/certnew.cer" -keystore "/opt/AppDynamics/Controller/appserver/glassfish/domains/domain1/config/keystore.jks"

Regards,

CommunityUser
Splunk Employee

We actually attempted to do this last night.  Unfortunately, following these steps results in the AppD Controller crashing.

Here are the steps we followed:

  1. Copy public.key and public.crt to the /tmp directory on the AppD machine.
  2. keytool -import -trustcacerts -alias ccm -file public.crt -keystore /usr/local/appdynamics/AppDPlatform/controller/appserver/glassfish/domains/domain1/config/keytool.jks
  3. Answer “Yes”
  4. Stop Controller
  5. Start Controller

However, once the Controller came back from the reboot, we could never get back into the GUI. The closest error we could get from the logs was:

ConfigurationChannel - Could not connect to the controller/invalid response from controller, cannot get initialization information, controller host [localhost], port[443], exception [Fatal transport error while connecting to URL [/controller/instance/0/applicationConfiguration]]

Any more thoughts?  FWIW, this is what we did on the CCM to create the cert:

  1. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx-private-selfsigned.key -out nginx-private-selfsigned.crt
  2. Answer questions. Most importantly the Common Name question - give it the (public in this case) IP of the server in question.
0 Karma
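
The import steps discussed in this thread change a live store and then restart the Controller. As an added example (not part of any post above and not AppDynamics' own procedure), the script below stages the import on a copy, checks the certificate's SHA-256 fingerprint against a value obtained out of band, refuses to reuse an existing alias, and confirms the new entry is a trust anchor. All file names, aliases, host names and the password are constructed, and which store file the Controller's JVM actually consults for trust is an assumption to confirm before swapping anything in.

```shell
#!/usr/bin/env bash
# Added example. All file names, aliases, host names and the password
# "changeit" are constructed; nothing here touches a real Controller.

# Import CERT into a staged copy of STORE under ALIAS, but only if its SHA-256
# fingerprint equals EXPECTED (obtained out of band from the server owner).
# Prints the staged file's path; the live store is never modified.
stage_trust_import() {
  local cert=$1 store=$2 alias=$3 pass=$4 expected=$5 actual staged entry
  actual=$(openssl x509 -in "$cert" -noout -fingerprint -sha256 | cut -d= -f2) || return 1
  [ "$actual" = "$expected" ] || { echo "fingerprint mismatch" >&2; return 1; }
  staged="$store.staged"
  cp -p "$store" "$staged" || return 1
  # Never reuse an alias: an existing one may be the server's own key entry.
  if keytool -list -alias "$alias" -keystore "$staged" -storepass "$pass" >/dev/null 2>&1; then
    echo "alias '$alias' already exists" >&2; rm -f "$staged"; return 1
  fi
  keytool -importcert -noprompt -alias "$alias" -file "$cert" \
    -keystore "$staged" -storepass "$pass" >/dev/null 2>&1 || { rm -f "$staged"; return 1; }
  # The result must be a trust anchor (trustedCertEntry), not a key entry.
  entry=$(keytool -list -alias "$alias" -keystore "$staged" -storepass "$pass" 2>/dev/null)
  case $entry in *trustedCertEntry*) echo "$staged" ;; *) rm -f "$staged"; return 1 ;; esac
}

# Build constructed fixtures in DIR: a self-signed server certificate and a
# store that already holds a private-key entry under the alias "s1as".
make_fixtures() {
  local dir=$1
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=ccm.example.test" \
    -keyout "$dir/ccm.key" -out "$dir/ccm.crt" 2>/dev/null || return 1
  keytool -genkeypair -alias s1as -keyalg RSA -keysize 2048 -validity 30 \
    -dname "CN=controller.example.test" -keystore "$dir/store.jks" \
    -storepass changeit -keypass changeit >/dev/null 2>&1
}

# SHA-256 fingerprint of a PEM certificate, colon-separated hex.
cert_fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Run with the argument "demo" to exercise the functions on the fixtures.
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d) && make_fixtures "$d" &&
    stage_trust_import "$d/ccm.crt" "$d/store.jks" ccm changeit "$(cert_fingerprint "$d/ccm.crt")"
fi
```

Keep the original store as a backup and replace it with the staged copy only during a planned restart, so a bad import can be rolled back by restoring one file.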