Start Free Trial

Knowledge Base

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How do I troubleshoot EUM certificate errors?

Table of Contents

 

Symptoms

When trying to enable EUM for an application from the EUM configuration window, we get the following error:

 

Error The server encountered an internal error () that prevented it from fulfilling this request.Error The server encountered an internal error () that prevented it from fulfilling this request.

 

Diagnosis

After analyzing the server.log file on the Controller machine we can see the below exceptions while connecting to EUM:

Communication failure with service (https://agg.eum-appdynamics.com/v2/account/xxxxxxxxxxxxxxxxxxxx/license/terms): javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

 

The above error occurs when the Controller trust store does not have the EUM client certificate, and the validation fails.

 

Solution

Follow the below steps to download the EUM certificate and import it to the Controller trust store:

 

  1. Access the following URL in the browser: 
    https://agg.eum-appdynamics.com/eumaggregator/get-version
    • For an on-premise EUM Server, access the below URL:
    • https://<EUMHost>:7002/eumaggregator/get-version
    • If you are using any alternate port for HTTPS, change the value accordingly.

  2. Click on the lock icon on the URL bar to display the certificate details.

  3. Export the certificate for the EUM Server and transfer it to the Controller host.
    • For exporting the certificate from the command line, run the following command to export the certificate into a file:
      keytool -J-Dhttps.proxyHost=<proxy_host> -J-Dhttps.proxyPort=<proxy_port> -printcert -rfc -sslserver <eum_host>:<eum_ssl_port> 2>/dev/null > certs.pem​
    • If you are not using a proxy server to connect from the controller to the EUM server, you can avoid the parameters for the proxy host and ports:
      -J-Dhttps.proxyHost=<proxy_host> -J-Dhttps.proxyPort=<proxy_port>​

       

    • The certs.pem file generated using this command may contain multiple certs presented by the server (server cert, proxy cert, etc).

    • Save individual certificate into a separate file like file1.pem, file2.pem, etc.

    • The individual certs will be enclosed as such:

      -----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----​

       

  4. Navigate to the <AppDynamicsHome>/appserver/glassfish/domains/domain1/config directory. Use the following key tool command to import the certificate to the Controller trust store:
    $JAVA_HOME/bin/keytool -import -trustcacerts -alias <alias> -file <certificate file> -keystore cacerts.jks​

     

  5. Run the above command for each of the certificates that you saved in the previous step.

  6. Restart the app server.

 

Version history
Revision #:
7 of 7
Last update:
‎05-13-2021 10:29 PM
Updated by:
 
View article history
Labels (1)

Found this article helpful? Click the Thumbs Up button.
Have an additional comment? Post it below.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

By clicking subscribe, I have read and understood the Privacy Policy and Terms of Use.
Platform
Solutions
Learn

Company
Support