When enabling EUM for an application from the EUM configuration window, the error "The server encountered an internal error () that prevented it from fulfilling this request" appears
In this article...
Symptoms: Error in the EUM configuration window
When trying to enable EUM for an application from the EUM configuration window, we get the following error:
Error The server encountered an internal error () that prevented it from fulfilling this request.
Diagnosis: Analyze the Controller machine's server.log
After analyzing the server.log file on the Controller machine, we can see the exceptions below while connecting to EUM:
Communication failure with service (https://agg.eum-appdynamics.com/v2/account/xxxxxxxxxxxxxxxxxxxx/license/terms): javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
The error above occurs when the Controller trust store does not have the EUM client certificate, resulting in a failed validation.
Solution: Import a new EUM certificate to the Controller trust store
Follow the steps below to download the EUM certificate and import it to the Controller trust store:
- Access the following URL in the browser:
- For an on-premise EUM Server, access the below URL:
- If you are using any alternate port for HTTPS, change the value accordingly.
- Click on the lock icon on the URL bar to display the certificate details.
- Export the certificate for the EUM Server and transfer it to the Controller host.
- To export the certificate from the command line, run the following command to export the certificate into a file:
keytool -J-Dhttps.proxyHost=<proxy_host> -J-Dhttps.proxyPort=<proxy_port> -printcert -rfc -sslserver <eum_host>:<eum_ssl_port> 2>/dev/null > certs.pem
- If you are not using a proxy server to connect from the controller to the EUM server, you can avoid the parameters for the proxy host and ports:
certs.pem file generated using this command may contain multiple certs presented by the server (server cert, proxy cert, etc).
Save the individual certificate into a separate file, such as file1.pem, file2.pem, etc.
The individual certs will be enclosed as such:
- Navigate to the
<AppDynamicsHome>/appserver/glassfish/domains/domain1/config directory. Use the following key tool command to import the certificate to the Controller trust store:
$JAVA_HOME/bin/keytool -import -trustcacerts -alias <alias> -file <certificate file> -keystore cacerts.jks
- Run the command above for each of the certificates you saved in step 3.
- Restart the app server.