Hi,

I am facing some similar issue but unlike the Error Message that Tim got, my Error Message is blank and yet the test is failing. Could you please help me with the same?

Thanks in advance!

Hi Cody,

I will look into, but I think all of my testing is leading me to the conclusion that the SaaS controller doesn't have the Let's Encrypt Root CA and therefore unable to successfully create the tls connection.

What leads me to that conclusion is that I can connect and transact with that same nginx server via an iOS app, MacPaw REST app, and my Cisco Spark Webhooks are firing against it.

Is there a way to see if the SaaS controllers have the Let's Encrpt Root CA?

Best

Tim

Hi Tim,

Sorry for the delay in my reply, let me see if I can get someone with expertise on CAs to help you.

Cody

Howdy,

thanks, appreciate it.  Looking forward to hearing back.

Best

Tim

Hi Tim,

Let's Encrypt certs are not part of the truststore packaged with the SaaS controllers. We add it on-demand to SaaS controllers and we are also working on keeping up with the new certs included inMozillaʼs CA Certificate Program.

For now if you could give me the following details: (if you cannot post the details here please open a support case)

1) SaaS controller URL

2) HTTPS end point URL (if publlicly accessible for me to check what is the root and intermediate cert that it is using)

I can get the Let's Encrypt root and get it added to the truststore.

But the appserver needs to be restarted once the certs are imported. Your test runs would succeed without restart but the actual invokation of the template will not work till restart of appserver. 

Regards,
Saradhi

Hi Saradhi!

thank you for looking into this!

here are the details:

1. controller url:  ciscotim.saas.appdynamics.com

2. server url:  https://www.bigdiggy.com/appdtriagebot

note, that I've blocked out a number of user agents on the webserver, so if you get a 500 error that is the reasons.  Note also that I am blocking HTTP verbs except for POST and DELETE.

Best

Tim

Hi Tim,

I could get the certs. I will have to work with our Security and Operations team to get this through security approval and then will have to restart the Controller appserver. Will keep you posted with the updates but please note this process will take a couple of days.

Regards,
Saradhi

Howdy!  Any word on this?

Thanks!

Tim

Hi Tim,

Security team approved importing the certificates. OPS team is working on importing the certs but it will take some more days (no ETA yet) as a downtime needs to be planned for Controller Java to pick up the new certs from the truststore.

Regards,
Saradhi

Hi Tim, 

Apologies for the delay. This is still going through security review. I will keep you posted.

Regards,
Saradhi

Hi Tim,

This is currently going through security review. As this needs a controller restart after import, and as this controller hosts other accounts we would need to coordinate a downtime as well. Will keep you posted.

Regards,
Saradhi

Thank you!

looking forward to hearing back once things are in place!

Best

Tim