cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Not a customer? Start a free trial

Click the Start a free trial link to start a 15-day SaaS trial of our product and join our community as a trial user. If you are an existing customer do not start a free trial.

AppDynamics customers and established members should click the sign in button to authenticate.

Knowledge Base

How do I troubleshoot EUM certificate errors?

Table of Contents

 

Symptoms

When trying to enable EUM for an application from the EUM configuration window, we get the following error:

 

Error  The server encountered an internal error () that prevented it from fulfilling this request.Error The server encountered an internal error () that prevented it from fulfilling this request.

 

Diagnosis

After analyzing the server.log file on the Controller machine we can see the below exceptions while connecting to EUM:

Communication failure with service (https://agg.eum-appdynamics.com/v2/account/xxxxxxxxxxxxxxxxxxxx/license/terms): javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

 

The above error occurs when the Controller trust store does not have the EUM client certificate, and the validation fails.

 

Solution

Follow the below steps to download the EUM certificate and import it to the Controller trust store:

 

  1. Access the following URL in the browser: 
    https://agg.eum-appdynamics.com/eumaggregator/get-version
    • For an on-premise EUM Server, access the below URL:
    • https://<EUMHost>:7002/eumaggregator/get-version
    • If you are using any alternate port for HTTPS, change the value accordingly.

  2. Click on the lock icon on the URL bar to display the certificate details.

  3. Export the certificate for the EUM Server and transfer it to the Controller host.
    • For exporting the certificate from the command line, run the following command to export the certificate into a file:
      keytool -J-Dhttps.proxyHost=<proxy_host> -J-Dhttps.proxyPort=<proxy_port> -printcert -rfc -sslserver <eum_host>:<eum_ssl_port> 2>/dev/null > certs.pem​
    • If you are not using a proxy server to connect from the controller to the EUM server, you can avoid the parameters for the proxy host and ports:
      -J-Dhttps.proxyHost=<proxy_host> -J-Dhttps.proxyPort=<proxy_port>​

       

    • The certs.pem file generated using this command may contain multiple certs presented by the server (server cert, proxy cert, etc).

    • Save individual certificate into a separate file like file1.pem, file2.pem, etc.

    • The individual certs will be enclosed as such:

      -----BEGIN CERTIFICATE-----
      .....
      -----END CERTIFICATE-----​

       

  4. Navigate to the <AppDynamicsHome>/appserver/glassfish/domains/domain1/config directory. Use the following key tool command to import the certificate to the Controller trust store:
    $JAVA_HOME/bin/keytool -import -trustcacerts -alias <alias> -file <certificate file> -keystore cacerts.jks​

     

  5. Run the above command for each of the certificates that you saved in the previous step.

  6. Restart the app server.

 

Version history
Last update:
‎05-13-2021 10:29 PM
Updated by:
Labels (1)
By replying you agree to the Terms and Conditions of the AppDynamics Community.