Agent communication exception on port 8444

Article ID: 197942

Products

CA Application Experience Analytics SaaS (AXA)

Issue/Introduction

Below is the case summary:
We instrumented the Java agent for one of the applications whose production servers reside in the DMZ environment.
For the DMZ, we are using port 8444 for agent communication. The application servers act as a shared environment, running WebLogic and standalone JVMs.

The configuration is working fine with WebLogic and one of the standalone JVMs, but for the rest of the standalone JVMs the agent is unable to connect due to the exception below.

(The HTTP Tunneling server cannot be reached at: https://n.n.n.n/em/transport/services/IsengardHttpTunnelingService: javax.net.ssl.SSLKeyException: RSA premaster secret error)

 

Environment

Release : SAAS

 

Resolution

Use "-Djava.security.egd=file:/dev/./urandom -Dweblogic.security.SSL.ignoreHostnameVerification=true" for WebLogic.

The weblogic.security.SSL.ignoreHostnameVerification JVM system property (set with -D) is WebLogic specific. A similar property for a standalone Java app to ignore SSL hostname verification would need to be supported by the standalone app's implementation. As mentioned before, the alternative workaround with a wildcard or dummy SSL cert would bypass the strict hostname verification as well.
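An added example, not part of the original article or the product: a shell function that checks one JVM command line for the two options named in the Resolution and notes where the WebLogic-only property sits on a standalone JVM. The sample command lines are constructed, and detecting WebLogic by its weblogic.Server main class is an assumption.

```shell
#!/bin/sh
# Added example (not from the article): report which of the Resolution's two
# JVM options a command line carries.

# Constructed sample command lines; jar names are placeholders.
SAMPLE_WLS='java -Xmx2g -Djava.security.egd=file:/dev/./urandom -Dweblogic.security.SSL.ignoreHostnameVerification=true weblogic.Server'
SAMPLE_APP1='java -Dweblogic.security.SSL.ignoreHostnameVerification=true -jar batch.jar'
SAMPLE_APP2='java -Djava.security.egd=file:/dev/./urandom -jar report.jar'

# Prints space-separated findings for one command line, or "ok".
audit_jvm_cmdline() {
    cmdline=" $1 "      # pad so every option is delimited by spaces
    findings=""
    is_weblogic=no
    # Assumption: a WebLogic server JVM is started with main class weblogic.Server.
    case "$cmdline" in *" weblogic.Server "*) is_weblogic=yes ;; esac

    # Entropy source option from the Resolution.
    case "$cmdline" in
        *" -Djava.security.egd=file:/dev/./urandom "*) ;;
        *" -Djava.security.egd="*) findings="$findings egd-other" ;;
        *) findings="$findings egd-missing" ;;
    esac

    # Hostname verification switch: the property is WebLogic specific.
    case "$cmdline" in
        *" -Dweblogic.security.SSL.ignoreHostnameVerification=true "*)
            if [ "$is_weblogic" = yes ]; then
                findings="$findings hostname-check-disabled"
            else
                findings="$findings weblogic-flag-on-standalone"
            fi ;;
    esac

    findings=${findings# }
    echo "${findings:-ok}"
}

for c in "$SAMPLE_WLS" "$SAMPLE_APP1" "$SAMPLE_APP2"; do
    printf '%s\n  -> %s\n' "$c" "$(audit_jvm_cmdline "$c")"
done
```

On a real host the command lines can be taken from `ps -eo args` and passed to the function one at a time.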

 

Additional Information

Add a wildcard cert:
https://coderwall.com/p/b443ng/generating-a-self-signed-wildcard-certificate

And a dummy cert:
https://sites.google.com/site/testwiki1asdf/dummy-ssl-certs

 

Then retest the connection.