Not a customer? Click the 'Start a free trial' link to begin a 30-day SaaS trial of our product and to join our community.
Existing Cisco AppDynamics customers should click the 'Sign In' button to authenticate to access the community
on 05-23-2017 09:54 AM - edited on 09-05-2018 04:27 PM by Nina.Wolinsky
EUM Server fails to start due to SSL Handshake error when the EUM account synchronizes to the analytics account.
Example:
20 May 2017 16:24:50.174 +1000 main AD.ALL INFO ------start synchronize eum acct to analytics acct!--------- 20 May 2017 16:24:50.177 +1000 main AD.AnalyticsAccountManage INFO start updating MobileSessionRecord 20 May 2017 16:24:50.388 +1000 main AD.AnalyticsAccountManage ERROR | failed bulk updating MobileSessionRecord | javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target | at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) | at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) | at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) | at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) | at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) | at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) | at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) | at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) | at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) | at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) | at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) | at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) | at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) | at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) | at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) | at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) | at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) | at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) | at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) | at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) | at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) | at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) | at com.appdynamics.eumcloud.analytics.AnalyticsAccountManager.bulkUpdateAnEventType(AnalyticsAccountManager.java:266) | at com.appdynamics.eumcloud.analytics.AnalyticsAccountManager.bulkUpdateEventTypes(AnalyticsAccountManager.java:229) | at com.appdynamics.eum.processor.EUMProcessorServerApplication.syncEumAccountsToAnalyticsAccounts(EUMProcessorServerApplication.java:233) | at com.appdynamics.eum.processor.EUMProcessorServerApplication.run(EUMProcessorServerApplication.java:173) | at com.appdynamics.eum.processor.EUMProcessorServerApplication.run(EUMProcessorServerApplication.java:114) | at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:42) | at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:76) | at io.dropwizard.cli.Cli.run(Cli.java:70) | at io.dropwizard.Application.run(Application.java:72) | at com.appdynamics.eumcloud.EUMProcessorServer.main(EUMProcessorServer.java:40) | Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target | at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) | at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) | at sun.security.validator.Validator.validate(Validator.java:260) | at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) | at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) | at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) | at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) | ... 29 more | Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target | at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) | at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) | at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) | at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) | ... 35 more | +---------------------------------------------------------------------------------------
When the EUM Server tries to connect to the Analytics or Events Service, either directly or via a proxy server over SSL, the EUM Server does not trust the incoming certificate. This is due to a missing intermediate or root certificate in the trust keystore of the EUM Server.
Import the intermediate/root certificates into the trust keystore of the EUM Server.
Example:
<EUM_HOME>/jre/lib/security/cacerts
../jre/bin/keytool -import -trustcacerts -alias myorg-rootca -keystore cacerts -file /path/to/CA-cert.txt -storepass changeit ../jre/bin/keytool -import -trustcacerts -alias myorg-interca -keystore cacerts -file /path/to/CA-inter.txt -storepass changeit
Relevant Links:
Thank you! Your submission has been received!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form