Help
Not a customer? Start a free trial

Not a customer? Click the 'Start a free trial' link to begin a 30-day SaaS trial of our product and to join our community.

Existing Cisco AppDynamics customers should click the 'Sign In' button to authenticate to access the community

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

HTTP Template Testing Error

Go to solution
timtayl
Builder

‎11-30-2017 11:42 AM

Howdy,

 

I am testing a variety of ways to react to health rule violations using HTTP Templates and requests.  I've tried sending requests directly to Cisco Spark Message rooms without any problems.

 

However, when I tried a new HTTP Template to another webserver, I get the following failure and error when trying to test in on SAAS:httptemplatetesterror.png

 

 

 

I tried the same request via an iOS app that I created as a test harness and it is working fine.

 

I'm wondering if it is because the webserver is using a certificate issued by "Lets Encrypt"?

 

Thanks

 

Tim

0 Kudos
14 REPLIES 14

Go to solution
Cody.Naumann
AppDynamics Team (Retired)

‎11-30-2017 02:59 PM

Hi Tim,

 

A quick search on this error brought me this thread on the community from just a few weeks ago - it seems the simplest thing to try.

 

https://community.appdynamics.com/t5/Java-Java-Agent-Installation-JVM/PKIX-path-building-failed/td-p...

 

If that doesn't work try:

 

Stack Overflow: https://stackoverflow.com/questions/9619030/resolving-javax-net-ssl-sslhandshakeexception-sun-securi...

 

I also found this thread on Atlassian: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-fail...

 

Unfortunately it looks like there could be a number of use cases depending on your setup. Let me know if these helped you.

 

0 Kudos

Go to solution
timtayl
Builder
In response to Cody.Naumann

‎11-30-2017 04:15 PM

Hi Cody,

 

I will look into, but I think all of my testing is leading me to the conclusion that the SaaS controller doesn't have the Let's Encrypt Root CA and therefore unable to successfully create the tls connection.

 

What leads me to that conclusion is that I can connect and transact with that same nginx server via an iOS app, MacPaw REST app, and my Cisco Spark Webhooks are firing against it.

 

Is there a way to see if the SaaS controllers have the Let's Encrpt Root CA?

 

Best

 

Tim

0 Kudos

Go to solution
Cody.Naumann
AppDynamics Team (Retired)
In response to timtayl

‎12-04-2017 06:43 AM

Hi Tim,

 

Sorry for the delay in my reply, let me see if I can get someone with expertise on CAs to help you.

 

Cody

Go to solution
timtayl
Builder
In response to Cody.Naumann

‎12-05-2017 06:47 AM

Howdy,

 

thanks, appreciate it.  Looking forward to hearing back.

 

Best

 

Tim

0 Kudos

Go to solution
Saradhi.Potharaju
AppDynamics Team (Retired)
In response to timtayl

‎12-05-2017 10:37 AM

Hi Tim,

 

Let's Encrypt certs are not part of the truststore packaged with the SaaS controllers. We add it on-demand to SaaS controllers and we are also working on keeping up with the new certs included inMozillaʼs CA Certificate Program.

 

For now if you could give me the following details: (if you cannot post the details here please open a support case)

 

1) SaaS controller URL

2) HTTPS end point URL (if publlicly accessible for me to check what is the root and intermediate cert that it is using)

 

I can get the Let's Encrypt root and get it added to the truststore.

But the appserver needs to be restarted once the certs are imported. Your test runs would succeed without restart but the actual invokation of the template will not work till restart of appserver. 

 

Regards,
Saradhi

0 Kudos

Go to solution
timtayl
Builder
In response to Saradhi.Potharaju

‎12-05-2017 11:46 AM

Hi Saradhi!

 

thank you for looking into this!

 

here are the details:

1. controller url:  ciscotim.saas.appdynamics.com

2. server url:  https://www.bigdiggy.com/appdtriagebot

 

note, that I've blocked out a number of user agents on the webserver, so if you get a 500 error that is the reasons.  Note also that I am blocking HTTP verbs except for POST and DELETE.

 

Best

 

Tim

0 Kudos

Go to solution
Saradhi.Potharaju
AppDynamics Team (Retired)
In response to timtayl

‎12-05-2017 01:59 PM

Hi Tim,

 

I could get the certs. I will have to work with our Security and Operations team to get this through security approval and then will have to restart the Controller appserver. Will keep you posted with the updates but please note this process will take a couple of days.

 

Regards,
Saradhi

0 Kudos

Go to solution
timtayl
Builder
In response to Saradhi.Potharaju

‎12-06-2017 06:59 AM

Thank you!

 

looking forward to hearing back once things are in place!

 

Best

 

Tim

0 Kudos

Go to solution
timtayl
Builder
In response to Saradhi.Potharaju

‎12-08-2017 03:44 PM

Howdy!  Any word on this?

 

Thanks!

 

Tim

0 Kudos
On-Demand Webinar
Discover new Splunk integrations and AI innovations for Cisco AppDynamics.

Register Now!
Observe and Explore
Dive into our Community Blog for the Latest Insights and Updates!

Read the blog here

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

By clicking subscribe, I have read and understood the Privacy Policy and Terms of Use.
Platform
Solutions
Learn

Company
Support