Not a customer? Click the 'Start a free trial' link to begin a 30-day SaaS trial of our product and to join our community.
Existing Cisco AppDynamics customers should click the 'Sign In' button to authenticate to access the community
on
10-18-2021
02:21 PM
- edited on
10-18-2021
02:29 PM
by
Claudia.Landiva
Sometimes a “PKIX path building failed” error is reported in Machine Agent logs for extensions that are trying to connect to an HTTPS endpoint.
PKIX stands for Public Key Infrastructure X509.
Whenever Java attempts to connect to another application over SSL, the connection will only succeed if it can trust the application. If the extension is not able to establish trust with the configured server then it returns the “PKIX path building failed” error.
The most convenient resolution for this error is to configure SSL parameters in the config.yml file of the extension.
You can add a “connection” property in the config file with relevant SSL parameters as mentioned below:
Make sure that you have correct certificates in truststore and keystore before configuring the path.
Following are the steps to be followed on how to manually import the certificates which are required for SSL configuration in the extension
echo | openssl s_client -showcerts -connect <host>:<port> 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.pem
keytool -import -alias <Alias_for_your_certificate> -file “<Path_to_certificate_in_quotes>” -keystore cacerts.jks -storepass <truststore_password>
For JMX based extensions (for which mbeans configuration is required), you can either:
java -Djavax.net.ssl.trustStore=/path/to/truststore/cacert.jks -Djavax.net.ssl.trustStorePassword=changeit -jar machineagent.jar
Note that two flags are available in JMX:
The extension does not support SSL encryption of the RMI Registry, it does support SSL encryption of the JMX connections themselves.
The error might continue to come up if incorrect certificates are imported and configured, or if correct SSL parameters are not supplied in the extension.
Please reach out to your application team for the correct certificates, and configure them in the extension.
Also, verify whether all the relevant SSL parameters are correctly configured in the extension or provided as Java arguments.
Thank you! Your submission has been received!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form