cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Amit.Jha
AppDynamics Team (Retired)

Problem:

The Controller is not able to communicate to EUM server over https. We see the error below in the Controller server log:

WARNING|glassfish 4.1|com.singularity.ee.controller.beans.eumcloud.EUMCloudManagerBean|_ThreadID=172;_ThreadName=http-listener-2(14);_TimeMillis=1520953028920;_LevelValue=900;|Unable to fetch/update information for EUM account with name: VodafoneUK-a0Q3400000EpfCOEAZ com.appdynamics.eum.rest.client.exception.TransportException: Communication failure with service (https://EUM_HOST_IP:7002/v2/account/eumAccountName/license): javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present.|#]

 

Analysis:

Sometimes in Controller configuration for the EUM end point, we provide the IP address and not the domain name. Hence, the certificate is also issued accordingly. For example, if the EUM end point is https://10.10.10.10:7002 then the CN for the certificate will be 10.10.10.10. In such cases, if the certificate is issued without SAN (subject alternative name), then the certificate becomes invalid as it is mandatory to have SAN in case the URL contains the IP address and not the domain name.

If the SAN is absent in the certificate, the ssl handshake will fail with the error above.

 

Solution:

If you are using the IP address in the EUM URL, you need to generate the certificate with SAN. Below is the sample keytool command:

keytool -certreq -file test.csr -keystore test.jks -alias testAlias -ext SAN=dns:test.example.com

 

Version history
Last update:
‎03-29-2018 11:54 AM
Updated by:
Join Us On December 10
Learn how Splunk and AppDynamics are redefining observability


Register Now!

Observe and Explore
Dive into our Community Blog for the Latest Insights and Updates!


Read the blog here