Not a customer? Click the 'Start a free trial' link to begin a 30-day SaaS trial of our product and to join our community.
Existing Cisco AppDynamics customers should click the 'Sign In' button to authenticate to access the community
11-30-2017 11:42 AM
Howdy,
I am testing a variety of ways to react to health rule violations using HTTP Templates and requests. I've tried sending requests directly to Cisco Spark Message rooms without any problems.
However, when I tried a new HTTP Template to another webserver, I get the following failure and error when trying to test in on SAAS:
I tried the same request via an iOS app that I created as a test harness and it is working fine.
I'm wondering if it is because the webserver is using a certificate issued by "Lets Encrypt"?
Thanks
Tim
Solved! Go to Solution.
11-30-2017 02:59 PM
Hi Tim,
A quick search on this error brought me this thread on the community from just a few weeks ago - it seems the simplest thing to try.
If that doesn't work try:
Stack Overflow: https://stackoverflow.com/questions/9619030/resolving-javax-net-ssl-sslhandshakeexception-sun-securi...
I also found this thread on Atlassian: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-fail...
Unfortunately it looks like there could be a number of use cases depending on your setup. Let me know if these helped you.
11-30-2017 04:15 PM
Hi Cody,
I will look into, but I think all of my testing is leading me to the conclusion that the SaaS controller doesn't have the Let's Encrypt Root CA and therefore unable to successfully create the tls connection.
What leads me to that conclusion is that I can connect and transact with that same nginx server via an iOS app, MacPaw REST app, and my Cisco Spark Webhooks are firing against it.
Is there a way to see if the SaaS controllers have the Let's Encrpt Root CA?
Best
Tim
12-04-2017 06:43 AM
Hi Tim,
Sorry for the delay in my reply, let me see if I can get someone with expertise on CAs to help you.
Cody
12-05-2017 06:47 AM
Howdy,
thanks, appreciate it. Looking forward to hearing back.
Best
Tim
12-05-2017 10:37 AM
Hi Tim,
Let's Encrypt certs are not part of the truststore packaged with the SaaS controllers. We add it on-demand to SaaS controllers and we are also working on keeping up with the new certs included inMozillaʼs CA Certificate Program.
For now if you could give me the following details: (if you cannot post the details here please open a support case)
1) SaaS controller URL
2) HTTPS end point URL (if publlicly accessible for me to check what is the root and intermediate cert that it is using)
I can get the Let's Encrypt root and get it added to the truststore.
But the appserver needs to be restarted once the certs are imported. Your test runs would succeed without restart but the actual invokation of the template will not work till restart of appserver.
Regards,
Saradhi
12-05-2017 11:46 AM
Hi Saradhi!
thank you for looking into this!
here are the details:
1. controller url: ciscotim.saas.appdynamics.com
2. server url: https://www.bigdiggy.com/appdtriagebot
note, that I've blocked out a number of user agents on the webserver, so if you get a 500 error that is the reasons. Note also that I am blocking HTTP verbs except for POST and DELETE.
Best
Tim
12-05-2017 01:59 PM
Hi Tim,
I could get the certs. I will have to work with our Security and Operations team to get this through security approval and then will have to restart the Controller appserver. Will keep you posted with the updates but please note this process will take a couple of days.
Regards,
Saradhi
12-06-2017 06:59 AM
Thank you!
looking forward to hearing back once things are in place!
Best
Tim
12-08-2017 03:44 PM
Howdy! Any word on this?
Thanks!
Tim
User | Count |
---|---|
2 | |
1 | |
1 | |
1 | |
1 | |
1 |
Thank you! Your submission has been received!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form