Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSL configuration of controller with load balancer setup

Hi ,

I have installed 4.3 controller and used load balancer to configure the HA setup .

Next steps is for ssl configuration for that I have performed the below steps

1- Requested certificate key tool
2- installed root Certificates
3- tried to import certificate received by authorities but failed

Error : "Failed to establish chain from reply"

Please assist on this

AppDynamics Team
  • If you get the error "Failed to establish chain from reply", install the issuing Certificate Authority's root and any intermediate certificates into the keystore. The root CA chain establishes the validity of the CA signature on your certificate. Although most common root CA chains are included in the bundled JVM's trust store, you may need to import additional root certificates, such as certificates belonging to a private CA. To do so:

    keytool -import -alias [Any_alias] -file <path_to_root_or_intermediate_cert> -keystore <controller_home>/appserver/glassfish/domains/domain1/config/keystore.jks

        When done importing the certificate chain, try importing the signed certificate again.


See -- Step 9.

I have used below command to geneated the pair

> i have puted the alias name for SAN and CN as primary controller


keytool -genkeypair -keyalg RSA -keysize 2048  -validity 1825 -alias s1as -ext SAN=dns:Load balncer alias ( -keystore keystore.jks -storetype JKS -dname "CN=priamry controller server name,OU=Test, O=XYZ, L=Country, ST=CITY, C=SE"



I have imported root certificate alereay but still getting issue


Is there anything missed by me in above command ?


just for info we have other envirment where no load balancer concept and for that it is applied successfully 



@Vasu.Ramachandran -- please ask one of your team members to assist.

Could you let us know how the LB and Controller are configured?


1) Are you terminating SSL on LB or is it SSL at LB as well as Controller?

2) After generating the CSR and getting it signed, did you import both the root and intermediate certificates in the chain?

3) Would you be able to list the contents of the Keystore and also share the logs where you see the error?





I am terminating SSL at LB and now i have applied CSR on with LB name and applied on both the HA controller Node with root certificate which is working as expected 


thanks for response