Problem:
The Java or Database Agent stops communicating, or can not communicate to the Controller.
The following error message is visible in the Agent logs:
[Thread-0] 22 Jun 2017 11:53:52,467 ERROR ConfigurationChannel - Exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Solution:
- Verify if the SSL certificate is installed and enabled by following the documentation: Enable SSL for Java Agent
- Alternatively, run the Java Agent with the following system property to resolve the issue:
-Dappdynamics.force.default.ssl.certificate.validation=false
More information on this jvm flag:
appdynamics.force.default.ssl.certificate.validation=false
This means that minimal certificate validation is done, which means that the notBefore
and notAfter
are still checked.
If this property is set to true, full certification chain validation is done.
There is no way to fully disable the validation of notBefore
and notAfter
dates as that defies the purpose of SSL.
When this property is set to false, X509Certificate.checkValidity
method is called, which would validate the certificate start and expiry dates.
https://docs.oracle.com/javase/8/docs/api/java/security/cert/X509Certificate.html#checkValidity--