cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

HTTP Template Testing Error

timtayl
Builder

Howdy,

 

I am testing a variety of ways to react to health rule violations using HTTP Templates and requests.  I've tried sending requests directly to Cisco Spark Message rooms without any problems.

 

However, when I tried a new HTTP Template to another webserver, I get the following failure and error when trying to test in on SAAS:httptemplatetesterror.png

 

 

 

I tried the same request via an iOS app that I created as a test harness and it is working fine.

 

I'm wondering if it is because the webserver is using a certificate issued by "Lets Encrypt"?

 

Thanks

 

Tim

14 REPLIES 14

Cody.Naumann
AppDynamics Team (Retired)

Hi Tim,

 

A quick search on this error brought me this thread on the community from just a few weeks ago - it seems the simplest thing to try.

 

https://community.appdynamics.com/t5/Java-Java-Agent-Installation-JVM/PKIX-path-building-failed/td-p...

 

If that doesn't work try:

 

Stack Overflow: https://stackoverflow.com/questions/9619030/resolving-javax-net-ssl-sslhandshakeexception-sun-securi...

 

I also found this thread on Atlassian: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-fail...

 

Unfortunately it looks like there could be a number of use cases depending on your setup. Let me know if these helped you.

 

Hi Cody,

 

I will look into, but I think all of my testing is leading me to the conclusion that the SaaS controller doesn't have the Let's Encrypt Root CA and therefore unable to successfully create the tls connection.

 

What leads me to that conclusion is that I can connect and transact with that same nginx server via an iOS app, MacPaw REST app, and my Cisco Spark Webhooks are firing against it.

 

Is there a way to see if the SaaS controllers have the Let's Encrpt Root CA?

 

Best

 

Tim

Cody.Naumann
AppDynamics Team (Retired)

Hi Tim,

 

Sorry for the delay in my reply, let me see if I can get someone with expertise on CAs to help you.

 

Cody

Howdy,

 

thanks, appreciate it.  Looking forward to hearing back.

 

Best

 

Tim

Saradhi.Potharaju
AppDynamics Team (Retired)

Hi Tim,

 

Let's Encrypt certs are not part of the truststore packaged with the SaaS controllers. We add it on-demand to SaaS controllers and we are also working on keeping up with the new certs included inMozillaʼs CA Certificate Program.

 

For now if you could give me the following details: (if you cannot post the details here please open a support case)

 

1) SaaS controller URL

2) HTTPS end point URL (if publlicly accessible for me to check what is the root and intermediate cert that it is using)

 

I can get the Let's Encrypt root and get it added to the truststore.

But the appserver needs to be restarted once the certs are imported. Your test runs would succeed without restart but the actual invokation of the template will not work till restart of appserver. 

 

Regards,
Saradhi

Hi Saradhi!

 

thank you for looking into this!

 

here are the details:

1. controller url:  ciscotim.saas.appdynamics.com

2. server url:  https://www.bigdiggy.com/appdtriagebot

 

note, that I've blocked out a number of user agents on the webserver, so if you get a 500 error that is the reasons.  Note also that I am blocking HTTP verbs except for POST and DELETE.

 

Best

 

Tim

Saradhi.Potharaju
AppDynamics Team (Retired)

Hi Tim,

 

I could get the certs. I will have to work with our Security and Operations team to get this through security approval and then will have to restart the Controller appserver. Will keep you posted with the updates but please note this process will take a couple of days.

 

Regards,
Saradhi

Thank you!

 

looking forward to hearing back once things are in place!

 

Best

 

Tim

Howdy!  Any word on this?

 

Thanks!

 

Tim