Not a customer? Click the 'Start a free trial' link to begin a 30-day SaaS trial of our product and to join our community.
Existing Cisco AppDynamics customers should click the 'Sign In' button to authenticate to access the community
on 03-28-2018 09:51 AM - edited on 03-29-2018 11:54 AM by Nina.Wolinsky
Problem:
The Controller is not able to communicate to EUM server over https. We see the error below in the Controller server log:
WARNING|glassfish 4.1|com.singularity.ee.controller.beans.eumcloud.EUMCloudManagerBean|_ThreadID=172;_ThreadName=http-listener-2(14);_TimeMillis=1520953028920;_LevelValue=900;|Unable to fetch/update information for EUM account with name: VodafoneUK-a0Q3400000EpfCOEAZ com.appdynamics.eum.rest.client.exception.TransportException: Communication failure with service (https://EUM_HOST_IP:7002/v2/account/eumAccountName/license): javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present.|#]
Analysis:
Sometimes in Controller configuration for the EUM end point, we provide the IP address and not the domain name. Hence, the certificate is also issued accordingly. For example, if the EUM end point is https://10.10.10.10:7002 then the CN for the certificate will be 10.10.10.10. In such cases, if the certificate is issued without SAN (subject alternative name), then the certificate becomes invalid as it is mandatory to have SAN in case the URL contains the IP address and not the domain name.
If the SAN is absent in the certificate, the ssl handshake will fail with the error above.
Solution:
If you are using the IP address in the EUM URL, you need to generate the certificate with SAN. Below is the sample keytool command:
keytool -certreq -file test.csr -keystore test.jks -alias testAlias -ext SAN=dns:test.example.com
Thank you! Your submission has been received!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form