Problem:
The Controller is not able to communicate to EUM server over https. We see the error below in the Controller server log:
WARNING|glassfish 4.1|com.singularity.ee.controller.beans.eumcloud.EUMCloudManagerBean|_ThreadID=172;_ThreadName=http-listener-2(14);_TimeMillis=1520953028920;_LevelValue=900;|Unable to fetch/update information for EUM account with name: VodafoneUK-a0Q3400000EpfCOEAZ com.appdynamics.eum.rest.client.exception.TransportException: Communication failure with service (https://EUM_HOST_IP:7002/v2/account/eumAccountName/license): javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present.|#]
Analysis:
Sometimes in Controller configuration for the EUM end point, we provide the IP address and not the domain name. Hence, the certificate is also issued accordingly. For example, if the EUM end point is https://10.10.10.10:7002 then the CN for the certificate will be 10.10.10.10. In such cases, if the certificate is issued without SAN (subject alternative name), then the certificate becomes invalid as it is mandatory to have SAN in case the URL contains the IP address and not the domain name.
If the SAN is absent in the certificate, the ssl handshake will fail with the error above.
Solution:
If you are using the IP address in the EUM URL, you need to generate the certificate with SAN. Below is the sample keytool command:
keytool -certreq -file test.csr -keystore test.jks -alias testAlias -ext SAN=dns:test.example.com
