Issue enabling Introscope agent on Apache Web server

book

Article ID: 132357

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) INTROSCOPE

Issue/Introduction

I am trying to install and enable Introscope agent to monitor Apache web server. Getting below errors, in IntroscopeAgent.log. 5/16/19 10:44:05 AM EDT [ERROR] [IntroscopeAgent.WebserverMonitor.WebServerMonitorEngine] Could not get metrics from server : https://mqlwebs001:57003 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

Cause

Self-signed certificate in non-permissive mode.

Environment

Release:
Component: APMISP

Resolution

In the permissive mode, the CA APM for Web Servers acts as a permissive client that accepts all kinds of web server certificates. These certificates include unsigned, self-signed, trusted, and expired certificates. In the non-permissive mode, the CA APM for Web Servers accepts only unexpired and trusted certificates.     
                                                                                                                   
Customer was using a self-signed cert and needed permissive mode. Once changing. the errors went away and metrics appeared.