Not a customer? Click the 'Start a free trial' link to begin a 30-day SaaS trial of our product and to join our community.
Existing Cisco AppDynamics customers should click the 'Sign In' button to authenticate to access the community
11-14-2017 09:41 AM
Solved! Go to Solution.
11-14-2017 02:31 PM
If you get the error "Failed to establish chain from reply", install the issuing Certificate Authority's root and any intermediate certificates into the keystore. The root CA chain establishes the validity of the CA signature on your certificate. Although most common root CA chains are included in the bundled JVM's trust store, you may need to import additional root certificates, such as certificates belonging to a private CA. To do so:
keytool - import -alias [Any_alias] -file <path_to_root_or_intermediate_cert> -keystore <controller_home>/appserver/glassfish/domains/domain1/config/keystore.jks |
When done importing the certificate chain, try importing the signed certificate again.
See https://docs.appdynamics.com/display/PRO43/Controller+SSL+and+Certificates -- Step 9.
11-15-2017 02:41 AM
I have used below command to geneated the pair
> i have puted the alias name for SAN and CN as primary controller
keytool -genkeypair -keyalg RSA -keysize 2048 -validity 1825 -alias s1as -ext SAN=dns:Load balncer alias (example.com) -keystore keystore.jks -storetype JKS -dname "CN=priamry controller server name,OU=Test, O=XYZ, L=Country, ST=CITY, C=SE"
I have imported root certificate alereay but still getting issue
Is there anything missed by me in above command ?
just for info we have other envirment where no load balancer concept and for that it is applied successfully
11-15-2017 08:32 AM
@Vasu.Ramachandran -- please ask one of your team members to assist.
11-20-2017 12:04 PM
Could you let us know how the LB and Controller are configured?
1) Are you terminating SSL on LB or is it SSL at LB as well as Controller?
2) After generating the CSR and getting it signed, did you import both the root and intermediate certificates in the chain?
3) Would you be able to list the contents of the Keystore and also share the logs where you see the error?
Regards,
Saradhi
01-15-2018 05:15 AM
I am terminating SSL at LB and now i have applied CSR on with LB name and applied on both the HA controller Node with root certificate which is working as expected
thanks for response
User | Count |
---|---|
1 | |
1 | |
1 | |
1 |
Thank you! Your submission has been received!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form