
HTTP Request failing due to self-signed cert on target server

Andrew.Horrigan
Adventurer

We are attempting to use an HTTP Request in AppDynamics to scale up/down a VM based on business transactions.  The scaling is being done by CloudCenter.  Unfortunately, the request is not being accepted due to the CloudCenter Manager using a self-signed cert.  When testing the request, we see the following error:

 

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Would it be possible to bypass this cert check in the AppD Controller?  We've had a similar issue with Jenkins, so we were hoping to mitigate the problem with the same solution - importing the cert into the AppD Controller keystore - but we were unable to find the java installation directory to complete the necessary steps.

 

This is the link we were following:

 

https://erikzaadi.com/2011/09/09/connecting-jenkins-to-self-signed-certificated-servers/


Brian.Wheeldon
AppDynamics Team (Retired)

Hi Andrew,

 

The AppDynamics Controller is GlassFish. I found some generic instructions for installing an SSL certificate on a GlassFish appserver.

The command line to import the cert will look something like this:

 

keytool -import -trustcacerts -alias s1as -file "/opt/AppDynamics/Controller/appserver/glassfish/domains/domain1/config/certnew.cer" -keystore "/opt/AppDynamics/Controller/appserver/glassfish/domains/domain1/config/keystore.jks"

Regards,

 

Brian Wheeldon, Solution Engineer, NYC





We actually attempted to do this last night.  Unfortunately, following these steps results in the AppD Controller crashing.

 

Here are the steps we followed:

  1. Copy public.key and public.crt to the /tmp directory on the AppD machine.
  2. keytool -import -trustcacerts -alias ccm -file public.crt -keystore /usr/local/appdynamics/AppDPlatform/controller/appserver/glassfish/domains/domain1/config/keytool.jks
  3. Answer “Yes”
  4. Stop Controller
  5. Start Controller

However, once the Controller came back from the reboot, we could never get back into the GUI. The closest error we could get from the logs was:

 

ConfigurationChannel - Could not connect to the controller/invalid response from controller, cannot get initialization information, controller host [localhost], port[443], exception [Fatal transport error while connecting to URL [/controller/instance/0/applicationConfiguration]]

Any more thoughts?  FWIW, this is what we did on the CCM to create the cert:

  1. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx-private-selfsigned.key -out nginx-private-selfsigned.crt
  2. Answer questions. Most importantly the Common Name question - give it the (public in this case) IP of the server in question.
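
The PKIX error from the first post and the CN-only certificate from the last one, as an added example that is not from the thread or from AppDynamics: openssl stands in for the client's truststore check to show that a self-signed certificate validates only when it is itself a trust anchor, and that the CN-only command yields no IP subjectAltName, which Java's built-in HTTPS hostname check requires when the URL uses an IP address. The function names, file names and the 203.0.113.10 / 198.51.100.7 addresses are constructed, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example; all addresses and file names are constructed.

# Self-signed cert as in the last post, made non-interactive with -subj.
# $1 = output prefix, $2 = IP for the Common Name, $3 = "san" to add an IP SAN.
make_selfsigned() {
    if [ "${3:-}" = "san" ]; then
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$2" \
            -addext "subjectAltName=IP:$2" \
            -keyout "$1.key" -out "$1.crt" 2>/dev/null
    else
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$2" \
            -keyout "$1.key" -out "$1.crt" 2>/dev/null
    fi
}

# 0 only if cert $1 chains to an anchor in PEM file $2. -no-CApath keeps the
# system store out of it, so $2 plays the role of the client's truststore.
is_trusted() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# 0 only if cert $1 has an iPAddress subjectAltName exactly equal to $2.
has_ip_san() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' | sed 's/^ *//' |
        grep -Fxq "IP Address:$2"
}

# Demo: compare the CN-only cert with one that also carries the IP SAN.
d=$(mktemp -d)
make_selfsigned "$d/ccm" 203.0.113.10          # CN only, like the post
make_selfsigned "$d/ccm-san" 203.0.113.10 san  # same, plus IP SAN
make_selfsigned "$d/other" 198.51.100.7        # unrelated trust anchor
for c in ccm ccm-san; do
    if is_trusted "$d/$c.crt" "$d/other.crt"; then t1=yes; else t1=no; fi
    if is_trusted "$d/$c.crt" "$d/$c.crt"; then t2=yes; else t2=no; fi
    if has_ip_san "$d/$c.crt" 203.0.113.10; then s=yes; else s=no; fi
    echo "$c: trusted-before-import=$t1 trusted-after-import=$t2 ip-san=$s"
done
rm -rf "$d"
```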