cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Not a customer? Start a free trial

Click the Start a free trial link to start a 15-day SaaS trial of our product and join our community as a trial user. If you are an existing customer do not start a free trial.

AppDynamics customers and established members should click the sign in button to authenticate.

Controller (SaaS, On Premises)

HTTP Template Testing Error

SOLVED
timtayl
Builder

HTTP Template Testing Error

Howdy,

 

I am testing a variety of ways to react to health rule violations using HTTP Templates and requests.  I've tried sending requests directly to Cisco Spark Message rooms without any problems.

 

However, when I tried a new HTTP Template to another webserver, I get the following failure and error when trying to test in on SAAS:httptemplatetesterror.png

 

 

 

I tried the same request via an iOS app that I created as a test harness and it is working fine.

 

I'm wondering if it is because the webserver is using a certificate issued by "Lets Encrypt"?

 

Thanks

 

Tim

By replying you agree to the Terms and Conditions of the AppDynamics Community.
HTTP Template Testing Error
14 REPLIES 14
Cody.Naumann
AppDynamics Team

Hi Tim,

 

A quick search on this error brought me this thread on the community from just a few weeks ago - it seems the simplest thing to try.

 

https://community.appdynamics.com/t5/Java-Java-Agent-Installation-JVM/PKIX-path-building-failed/td-p...

 

If that doesn't work try:

 

Stack Overflow: https://stackoverflow.com/questions/9619030/resolving-javax-net-ssl-sslhandshakeexception-sun-securi...

 

I also found this thread on Atlassian: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-fail...

 

Unfortunately it looks like there could be a number of use cases depending on your setup. Let me know if these helped you.

 

timtayl
Builder

Hi Cody,

 

I will look into, but I think all of my testing is leading me to the conclusion that the SaaS controller doesn't have the Let's Encrypt Root CA and therefore unable to successfully create the tls connection.

 

What leads me to that conclusion is that I can connect and transact with that same nginx server via an iOS app, MacPaw REST app, and my Cisco Spark Webhooks are firing against it.

 

Is there a way to see if the SaaS controllers have the Let's Encrpt Root CA?

 

Best

 

Tim

Cody.Naumann
AppDynamics Team

Hi Tim,

 

Sorry for the delay in my reply, let me see if I can get someone with expertise on CAs to help you.

 

Cody

timtayl
Builder

Howdy,

 

thanks, appreciate it.  Looking forward to hearing back.

 

Best

 

Tim

Saradhi.Potharaju
AppDynamics Team

Hi Tim,

 

Let's Encrypt certs are not part of the truststore packaged with the SaaS controllers. We add it on-demand to SaaS controllers and we are also working on keeping up with the new certs included inMozillaʼs CA Certificate Program.

 

For now if you could give me the following details: (if you cannot post the details here please open a support case)

 

1) SaaS controller URL

2) HTTPS end point URL (if publlicly accessible for me to check what is the root and intermediate cert that it is using)

 

I can get the Let's Encrypt root and get it added to the truststore.

But the appserver needs to be restarted once the certs are imported. Your test runs would succeed without restart but the actual invokation of the template will not work till restart of appserver. 

 

Regards,
Saradhi

timtayl
Builder

Hi Saradhi!

 

thank you for looking into this!

 

here are the details:

1. controller url:  ciscotim.saas.appdynamics.com

2. server url:  https://www.bigdiggy.com/appdtriagebot

 

note, that I've blocked out a number of user agents on the webserver, so if you get a 500 error that is the reasons.  Note also that I am blocking HTTP verbs except for POST and DELETE.

 

Best

 

Tim

Saradhi.Potharaju
AppDynamics Team

Hi Tim,

 

I could get the certs. I will have to work with our Security and Operations team to get this through security approval and then will have to restart the Controller appserver. Will keep you posted with the updates but please note this process will take a couple of days.

 

Regards,
Saradhi

timtayl
Builder

Thank you!

 

looking forward to hearing back once things are in place!

 

Best

 

Tim

timtayl
Builder

Howdy!  Any word on this?

 

Thanks!

 

Tim