Knowledge Base

cancel
Showing results for 
Search instead for 
Did you mean: 

Controller unable to communicate to EUM over HTTPS

Problem:

The Controller is not able to communicate to EUM server over https. We see the error below in the Controller server log:

WARNING|glassfish 4.1|com.singularity.ee.controller.beans.eumcloud.EUMCloudManagerBean|_ThreadID=172;_ThreadName=http-listener-2(14);_TimeMillis=1520953028920;_LevelValue=900;|Unable to fetch/update information for EUM account with name: VodafoneUK-a0Q3400000EpfCOEAZ com.appdynamics.eum.rest.client.exception.TransportException: Communication failure with service (https://EUM_HOST_IP:7002/v2/account/eumAccountName/license): javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present.|#]

 

Analysis:

Sometimes in Controller configuration for the EUM end point, we provide the IP address and not the domain name. Hence, the certificate is also issued accordingly. For example, if the EUM end point is https://10.10.10.10:7002 then the CN for the certificate will be 10.10.10.10. In such cases, if the certificate is issued without SAN (subject alternative name), then the certificate becomes invalid as it is mandatory to have SAN in case the URL contains the IP address and not the domain name.

If the SAN is absent in the certificate, the ssl handshake will fail with the error above.

 

Solution:

If you are using the IP address in the EUM URL, you need to generate the certificate with SAN. Below is the sample keytool command:

keytool -certreq -file test.csr -keystore test.jks -alias testAlias -ext SAN=dns:test.example.com

 

Version history
Revision #:
4 of 4
Last update:
‎03-29-2018 11:54 AM
Updated by:
 
Labels (1)


Found this article helpful? Click the Thumbs Up button.
Have an additional comment? Post it below.
0 Kudos