APM Team Center blank page after the upgrade to SP3

book

Article ID: 198712

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management

Issue/Introduction

After the installation of the SP3 to APM 10.7, we can still use workstation, webview and webstart applications, but the connection to APM Team Center (https://<WV-HOSTNAME>:8443) does not function properly anymore. We get the blank page. We use our (DiBA signed) certificate which is valid until 2022. It does function for webstart and webview. Also, it was working for APM 10.7 before this upgrade to SP3.


We see the following exceptions in the IntroscopeWebView.log:

[ERROR] [WebView] Unable to establish connection with remote resource at https://<EM-HOSTNAME>:8444/apm/appmap/private/configuration/static!
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
 at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
 at com.wily.introscope.webapps.common.APMServerAPIProxy.initiateConnection(APMServerAPIProxy.java:296)
 at com.wily.introscope.webapps.common.APMServerAPIProxy.processRequest(APMServerAPIProxy.java:190)
 at com.wily.introscope.webapps.common.APMServerAPIProxy.doGet(APMServerAPIProxy.java:119)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
 at com.wily.introscope.webapps.common.APMServerAPIProxy.service(APMServerAPIProxy.java:147)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
 at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
 at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
 at com.wily.webserver.filter.RequestLocaleFilter.doFilter(RequestLocaleFilter.java:46)
 at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
 at com.wily.introscope.webapps.common.filter.XSSFilter.doFilter(XSSFilter.java:32)
 at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
 at com.wily.introscope.webapps.common.filter.ClickJackFilter.doFilter(ClickJackFilter.java:52)
 at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
 at com.wily.introscope.webapps.common.filter.WebViewSSOFilter.doFilter(WebViewSSOFilter.java:252)
 at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
 at com.wily.introscope.webapps.common.filter.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:176)
 at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
 at com.wily.introscope.webapps.common.filter.LocaleSwitch.doFilter(LocaleSwitch.java:52)
 at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
 at com.wily.introscope.webapps.common.filter.BrowserFilter.doFilter(BrowserFilter.java:69)
 at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
 at com.wily.introscope.webapps.common.filter.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:71)
 at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
 at com.wily.webserver.filter.CustomResponseHeadersFilter.doFilter(CustomResponseHeadersFilter.java:51)
 at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634)
 at com.wily.introscope.webview.server.IntroscopeWebView$ConnectionFilter.doFilter(IntroscopeWebView.java:550)
 at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
 at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
 at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
 at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:513)
 at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
 at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
 at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
 at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
 at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1317)
 at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
 at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
 at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
 at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
 at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1219)
 at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
 at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219)
 at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:724)
 at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
 at org.eclipse.jetty.server.Server.handle(Server.java:531)
 at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352)
 at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
 at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281)
 at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
 at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:291)
 at org.eclipse.jetty.io.ssl.SslConnection$3.succeeded(SslConnection.java:151)
 at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
 at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
 at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
 at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
 at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
 at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
 at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
 at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:762)
 at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:680)
 at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
 at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
 at sun.security.validator.Validator.validate(Validator.java:260)
 at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
 at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
 ... 72 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
 at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
 at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
 ... 78 more
[ERROR] [WebView] The connection with remote resource at https://<EM-HOSTNAME>:8444/apm/appmap/private/configuration/static has not been established!

Environment

Release : 10.7.0

Component : APMISP

Resolution

Add your valid certificate to JVM keystore file at "<EM/WV-Home>/jre/lib/security/cacerts" by following steps. 

Backup the original keystore file:

<EM/WV-Home>/jre/lib/security/cacerts

Add your valid certificate to above keystore with following command.

"<EM/WV-Home>/jre/bin/keytool" -importcert -keystore "<EM/WV-Home>/jre/lib/security/cacerts" -alias <alias-name> -file "<certificate-file>.crt" -storepass changeit

Note: If Webview is installed at a separate location, make sure to add the certificate to keystore file under Webview install. i.e: "<WV-Home>/jre/lib/security/cacerts"