This KB article covers an example how to configure APM, Webview to use https and how to configure an instance APMSQLserver remote instance to execute queries using SQuirrel
Valid for :
Application Performance Management 10.7 SP3 and onward versions
This example assumes you have already installed APM 10.7 + applied SP3. You can download package 10.7 and the latest Service Packs from https://support.broadcom.com/download-center/product-download.html?subfamily=APPLICATION%20PERFORMANCE%20MANAGEMENT
1) In this example, we update EM listening port = 7001
Open the EM-HOME/config/IntroscopeEnterpriseManager.properties
introscope.enterprisemanager.port.channel1=7001
2) Enable webstart https connectivity
Open the EM-HOME/config/IntroscopeEnterpriseManager.properties
uncomment
introscope.enterprisemanager.webserver.jetty.configurationFile=em-jetty-config.xml
This change instruct the EM to use by default secure port 8444 port defined in em-jetty-config.xml
...
</Array>
</Arg>
<Set name="port">8444</Set>
<Set name="idleTimeout">300000</Set>
</New>
</Arg>
</Call>
<!-- Configure non-secure http connector for the Jetty Server
<Call name="addConnector">
<Arg>
..
3) update Webview settings
a) Enable webview https connectivity
Open the EM-HOME/config/IntroscopeWebview.properties
uncomment
#introscope.webview.jetty.configurationFile=webview-jetty-config.xml
This change instruct the EM to use by default secure port 8443 defined in webview-jetty-config.xml
..
</Array>
</Arg>
<Set name="port">8443</Set>
<Set name="idleTimeout">300000</Set>
</New>
</Arg>
</Call>
<!-- Configure non-secure http connector
b) Update Webview to EM connection
introscope.webview.enterprisemanager.tcp.host=<EM server>
introscope.webview.enterprisemanager.tcp.port=7001
c) Update EM webstart port + protocol
introscope.webview.enterprisemanager.webserver.tcp.port=8444
# URL that points to the root of the Enterprise Manager REST API
introscope.webview.enterprisemanager.rest.base=https://<EM server>:8444/apm/appmap
d) Start EM and Webview
e) Verify for possible errors in EM and Webview logs.
No errors, all seems to be correct
f) connect to APM TeamCenter, you encounter below error:
PROBLEM#1: Error “Status Code: 503” when connecting to ATC, empty page
In Webview log:
[INFO] [WebView.Login] Successfully logged in user "WilyWebView"
[INFO] [WebServer] Web Application Server started
[INFO] [com.wily.introscope.webserver] Login event Admin 10.230.40.46 true
[ERROR] [WebView] Unable to establish connection with remote resource at https://<EM server>:8444/apm/appmap/private/configuration/static!
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching <EM server> found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
This is a know issue documented in this KB:
https://knowledge.broadcom.com/external/article?articleId=125671
Root cause :
You cannot longer use the self-signed certificate provided by the product's EM installer
https://knowledge.broadcom.com/external/article?articleId=125671
Below detail of the steps (using KB as template) for this test setup
Step 1: skipped
Step 2: create self-signed certificate
[<user>@<EM server> bin]# cd /Introscope1070SP3/config/internal/server
[<user>@<EM server> server]# "/Introscope1070SP3/jre/bin/keytool" -genkey -keyalg RSA -alias jettyssl -keystore "/Introscope1070SP3/config/internal/server/keystore" -storepass <password> -keypass <password> -validity 7300 -dname "CN=<EM server>"
[<user>@<EM server> server]# "/Introscope1070SP3/jre/bin/keytool" -export -alias jettyssl -keystore keystore -storepass password -file jettyssl.crt
Certificate stored in file <jettyssl.crt>
[<user>@<EM server> server]# "/Introscope1070SP3/jre/bin/keytool" -importcert -keystore "/Introscope1070SP3/jre/lib/security/cacerts" -alias jettyssl -file "/Introscope1070SP3/config/internal/server/jettyssl.crt" -storepass changeit
Trust this certificate? [no]: yes
Certificate was added to keystore
Step 3: update introscope EM and webview jetty xml files to use the new certificate
<Set name="certAlias">jettyssl</Set>
Step 4: Start EM and Webview
You should now be able to successfully access ATC
Install APMSQLServer remotely as per documentation:
Step by Step instructions:
a) Go to the remote server, create a home directory.
In this example: /APMSQLServer1070SP3-remote
b) Install Java, in this example jdk-8u231-linux-x64.tar.gz
copy the file to /APMSQLServer1070SP3-remote/
tar xvf jdk-8u231-linux-x64.tar.gz
export JAVA_HOME=/APMSQLServer1070SP3-remote/jdk1.8.0_231
c) As per documentation, create a config directory:
mkdir /APMSQLServer1070SP3-remote/config
d) As per documentation, copy <EM-HOME>/APMSQLServer directory to the remote server, in this example “<SQL server>”, to the target directory /APMSQLServer1070SP3-remote
scp -r /Introscope1070SP3/APMSqlServer/user@<APMSQLServer>:/APMSQLServer1070SP3-remote
e) As per documentation, copy <EM-HOME>\config\APMSqlServer.properties directory to the config directory
scp -r /Introscope1070SP3/config/APMSqlServer.properties user@<APMSQLServer>:/APMSQLServer1070SP3-remote/config
f) Verification: Check the content of remote APMSQLServer, in this example @<SQL server>/APMSQLServer1070SP3-remote:
[<user>@<APMSQLServer> APMSQLServer1070SP3-remote]# ls -l
total 189604
drwxr-xr-x. 9 root root 95 Dec 1 16:52 APMSqlServer
drwxr-xr-x. 2 root root 37 Dec 1 22:26 config
drwxr-xr-x. 7 10 143 245 Oct 5 2019 jdk1.8.0_231
-rw-r--r--. 1 root root 194151339 Dec 1 22:13 jdk-8u231-linux-x64.tar.gz
a) Open /APMSQLServer1070SP3-remote/config/APMSqlServer.properties, update below properties, for this example:
# The EM or MOM (hostname or IP address) to which APMSQLServer connects.
# Default is localhost.
com.ca.apm.sqlserver.em.host=<EM server>
# The EM or MOM webserver port.
# Default is 7081.
# Should have the same value as 'introscope.enterprisemanager.webserver.port' property defined
# in IntroscopeEnterpriseManager.properties.
com.ca.apm.sqlserver.em.webserver.port=8444
# Jdbc bind address using which the client API will connect to APMSQLServer.
# Default is localhost.
# Make sure to use IP address/host name for JDBC bind address.
# Also, use the same IP address/host name in the client to connect.
com.ca.apm.sqlserver.jdbcbind.address=<APMSQLServer>
..
com.ca.apm.sqlserver.em.webserver.connection.protocol=https
Enabled DEBUG logging (just for verification, once all is working fine, you can disable it)
-Open /config/APMSqlServer.properties
-Set
log4j.rootLogger=ALL,console
log4j.logger.org.teiid=ALL,teiidlog
log4j.logger.com.ca.apm.server=ALL,console,logfile
Save the properties file
b) start apmsqlserver
cd /APMSQLServer1070SP3-remote/APMSqlServer/bin
./apmsql
c) Verify APMSQLServer logs:
open /APMSQLServer1070SP3-remote/APMSqlServer/logs\apmsqlserverout.log
Go the end of the log, verify that server has started successfully
020-12-01 22:27:02.398:INFO:oejs.Server:main: Started @37879ms
In Windows server:
1.Download and install Squirrel SQL Client : http://www.squirrelsql.org/
2.Copy teiid-9.0.1-jdbc.jar from APMSQLServer : /APMSQLServer1070SP3-remote/APMSqlServer/client/teiid-9.0.1-jdbc.jar
to the local windows server, for example D:
3.Open Squirrel
4. Create a new Driver
a) Click Drivers,
b) Click “+” icon:
c) In the “Add Driver” window, set
d) Click “Extra Class Path” tab
e) Click “Add” and browse and select D:\teiid\teiid-9.0.1-jdbc.jar
Set “Class Name” = org.teiid.jdbc.TeiidDriver
f) Click OK
5.Create a new Alias
Click Aliases
Click “+” icon
Set
-Name = apmsqlserver - <APMSQLServer>
-Driver = locate TeiidDriver you created in previous step
-URL
jdbc:teiid:apm_base@mm://<APMSQLServer>:54321
-User Name and Password : you can use the below options:
a) Enter the user/password
b) Enter a Public API token created from Team Center (go to Settings > Security> Click Generate Public API Token).
IMPORTANT: You must create a token using an “Admin” account to prevent some known issue, for example: https://knowledge.broadcom.com/external/article?articleId=74770
NOTE: In his example, we use option “a”, we have created admin user “test/test” in <EM-home>/config/users.xml
Click “Test”
Result:
We encounter the below error/exception:
Error:
Unexpected Error occurred attempting to open an SQL connection.
class sun.security.provider.certpath.SunCertPathBuilderException: Remote sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Stack Trace
sun.security.provider.certpath.SunCertPathBuilderException: Remote sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1622)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1340)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1315)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:264)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:275)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1345)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1306)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:307)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1358)
at org.apache.cxf.io.AbstractWrappedOutputStream.close(AbstractWrappedOutputStream.java:77)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:673)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain(AbstractClient.java:710)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1050)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:897)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:866)
at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:334)
at org.apache.cxf.jaxrs.client.WebClient.post(WebClient.java:343)
at com.ca.apm.server.teiid.APMSqlSecurityHelper.isValid(APMSqlSecurityHelper.java:199)
at com.ca.apm.server.teiid.APMSqlSecurityHelper.authenticate(APMSqlSecurityHelper.java:128)
at com.ca.apm.server.teiid.APMSqlSecurityHelper.authenticate(APMSqlSecurityHelper.java:1)
at org.teiid.services.SessionServiceImpl.createSession(SessionServiceImpl.java:206)
at org.teiid.transport.LogonImpl.logon(LogonImpl.java:142)
at org.teiid.transport.LogonImpl.logon(LogonImpl.java:127)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.teiid.transport.ServerWorkItem.run(ServerWorkItem.java:87)
at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
at org.teiid.transport.SocketClientInstance.processMessagePacket(SocketClientInstance.java:236)
at org.teiid.transport.SocketClientInstance.receivedMessage(SocketClientInstance.java:222)
at org.teiid.transport.SSLAwareChannelHandler.messageReceived(SSLAwareChannelHandler.java:212)
at org.teiid.transport.SSLAwareChannelHandler.channelRead(SSLAwareChannelHandler.java:218)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:312)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:286)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1304)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:921)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:135)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:646)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:581)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:460)
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:131)
at java.lang.Thread.run(Thread.java:748)
- Review the log /APMSqlServer/logs/apmsqlserverout.log, you will find details of exception
12/04/20 09:54:26.942 AM SAST [TRACE] [NIO2] [APMSQLServer] endpoint url :https://<EM Server>:8444/apm/appmap/private/token/temporaryToken
Dec 04, 2020 9:54:27 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {https://<EM server>:8444/apm/appmap/private/token/temporaryToken}WebClient has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:67)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain(AbstractClient.java:710)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1050)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:897)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:866)
at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:334)
at org.apache.cxf.jaxrs.client.WebClient.post(WebClient.java:343)
at com.ca.apm.server.teiid.APMSqlSecurityHelper.isValid(APMSqlSecurityHelper.java:199)
at com.ca.apm.server.teiid.APMSqlSecurityHelper.authenticate(APMSqlSecurityHelper.java:128)
at com.ca.apm.server.teiid.APMSqlSecurityHelper.authenticate(APMSqlSecurityHelper.java:1)
at org.teiid.services.SessionServiceImpl.createSession(SessionServiceImpl.java:206)
at org.teiid.transport.LogonImpl.logon(LogonImpl.java:142)
at org.teiid.transport.LogonImpl.logon(LogonImpl.java:127)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.teiid.transport.ServerWorkItem.run(ServerWorkItem.java:87)
at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
at org.teiid.transport.SocketClientInstance.processMessagePacket(SocketClientInstance.java:236)
at org.teiid.transport.SocketClientInstance.receivedMessage(SocketClientInstance.java:222)
at org.teiid.transport.SSLAwareChannelHandler.messageReceived(SSLAwareChannelHandler.java:212)
at org.teiid.transport.SSLAwareChannelHandler.channelRead(SSLAwareChannelHandler.java:218)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:312)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:286)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1304)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:921)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:135)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:646)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:581)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:460)
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:131)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://<EM Server>:8444/apm/appmap/private/token/temporaryToken: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Root cause: Missing certificate in the in apmsqlserver jvm
https://knowledge.broadcom.com/external/article?articleId=125671
In above KB, we had created a cert signed certificate and exported it to jettyssl.crt
"/Introscope1070SP3/jre/bin/keytool" -export -alias jettyssl -keystore <keystore> -storepass <password> -file jettyssl.crt
Now, we need to import this crt in the jvm of the remote apmsql server:
a) copy crt to remote apmsqlserver:
scp jettyssl.crt <user>@<EM Server>:/APMSQLServer1070SP3-remote/crt/
b) import crt in local jre cacerts:
cd /APMSQLServer1070SP3-remote/jdk1.8.0_231/jre/lib/security/
"/APMSQLServer1070SP3-remote/jdk1.8.0_231/jre/bin/keytool" -importcert -keystore "/APMSQLServer1070SP3-remote/jdk1.8.0_231/jre/lib/security/cacerts" -alias jettyssl -file "/APMSQLServer1070SP3-remote/crt/jettyssl.crt" -storepass <password>
Trust this certificate? [no]: yes
Certificate was added to keystore
c) verification:
"/APMSQLServer1070SP3-remote/jdk1.8.0_231/jre/bin/keytool" -list -alias jettyssl -keystore "/APMSQLServer1070SP3-remote/jdk1.8.0_231/jre/lib/security/cacerts" -storepass <password>
jettyssl, Dec 7, 2020, trustedCertEntry,
Certificate fingerprint (SHA1): FF:AB:
d) before starting APMSQLserver make sure JAVA_HOME is correct, in this export
export JAVA_HOME=/APMSQLServer1070SP3-remote/jdk1.8.0_231
For testing Open /APMSQLServer1070SP3-remote/config/APMSqlServer.properties, set:
com.ca.apm.sqlserver.em.host=<EM Server>
Result:
We encounter the below error/exception:
Error:
Unexpected Error occurred attempting to open an SQL connection.
class java.io.IOException: Remote java.io.IOException: The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore. Make sure server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
Stack Trace:
java.io.IOException: Remote java.io.IOException: The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore. Make sure server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1309)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:307)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1358)
at org.apache.cxf.io.AbstractWrappedOutputStream.close(AbstractWrappedOutputStream.java:77)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:673)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain(AbstractClient.java:710)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1050)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:897)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:866)
at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:334)
at org.apache.cxf.jaxrs.client.WebClient.post(WebClient.java:343)
at com.ca.apm.server.teiid.APMSqlSecurityHelper.isValid(APMSqlSecurityHelper.java:199)
at com.ca.apm.server.teiid.APMSqlSecurityHelper.authenticate(APMSqlSecurityHelper.java:128)
at com.ca.apm.server.teiid.APMSqlSecurityHelper.authenticate(APMSqlSecurityHelper.java:1)
at org.teiid.services.SessionServiceImpl.createSession(SessionServiceImpl.java:206)
at org.teiid.transport.LogonImpl.logon(LogonImpl.java:142)
at org.teiid.transport.LogonImpl.logon(LogonImpl.java:127)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.teiid.transport.ServerWorkItem.run(ServerWorkItem.java:87)
at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
at org.teiid.transport.SocketClientInstance.processMessagePacket(SocketClientInstance.java:236)
at org.teiid.transport.SocketClientInstance.receivedMessage(SocketClientInstance.java:222)
at org.teiid.transport.SSLAwareChannelHandler.messageReceived(SSLAwareChannelHandler.java:212)
at org.teiid.transport.SSLAwareChannelHandler.channelRead(SSLAwareChannelHandler.java:218)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:312)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:286)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1304)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:921)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:135)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:646)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:581)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:460)
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:131)
at java.lang.Thread.run(Thread.java:748)
- Review the log /APMSqlServer/logs/apmsqlserverout.log, you will find details of exception
2/07/20 10:59:47.776 AM SAST [TRACE] [NIO3] [APMSQLServer] endpoint url :https://<EM Server:8444/apm/appmap/private/token/temporaryToken
Dec 07, 2020 10:59:47 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {https://<EM Server>:8444/apm/appmap/private/token/temporaryToken}WebClient has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:67)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain(AbstractClient.java:710)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1050)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:897)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:866)
at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:334)
at org.apache.cxf.jaxrs.client.WebClient.post(WebClient.java:343)
at com.ca.apm.server.teiid.APMSqlSecurityHelper.isValid(APMSqlSecurityHelper.java:199)
at com.ca.apm.server.teiid.APMSqlSecurityHelper.authenticate(APMSqlSecurityHelper.java:128)
at com.ca.apm.server.teiid.APMSqlSecurityHelper.authenticate(APMSqlSecurityHelper.java:1)
at org.teiid.services.SessionServiceImpl.createSession(SessionServiceImpl.java:206)
at org.teiid.transport.LogonImpl.logon(LogonImpl.java:142)
at org.teiid.transport.LogonImpl.logon(LogonImpl.java:127)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.teiid.transport.ServerWorkItem.run(ServerWorkItem.java:87)
at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
at org.teiid.transport.SocketClientInstance.processMessagePacket(SocketClientInstance.java:236)
at org.teiid.transport.SocketClientInstance.receivedMessage(SocketClientInstance.java:222)
at org.teiid.transport.SSLAwareChannelHandler.messageReceived(SSLAwareChannelHandler.java:212)
at org.teiid.transport.SSLAwareChannelHandler.channelRead(SSLAwareChannelHandler.java:218)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:312)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:286)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1304)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:921)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:135)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:646)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:581)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:460)
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:131)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: IOException invoking https://<EM Server>:8444/apm/appmap/private/token/temporaryToken: The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore. Make sure server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1402)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1386)
at org.apache.cxf.io.AbstractWrappedOutputStream.close(AbstractWrappedOutputStream.java:77)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:673)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
... 46 more
Caused by: java.io.IOException: The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore. Make sure server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1309)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:307)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1358)
... 50 more
Click “SQL” tab, enter a sql query click “run” icon
select * from numerical_metric_data where metric_path like'%GC Heap%' and frequency=15000 and ts between '2020-01-01' and '2020-12-12'