AppDefense Appliance not reaching Cloud Manager due to SSL Certificate

Article ID: 329232

Updated On:

Products

VMware

Issue/Introduction

Symptoms:
  • An AppDefense appliance deployed in the datacenter cannot reach the cloud manager because the SSL certificate is not trusted.
  • In /var/log/appdefense/cloud-management-service.log you see the message below:
javax.net.ssl.SSLHandshakeException
 


Cause

A certificate proxy/server in the network transparently intercepts SSL certificates and blocks untrusted ones from the customer's data center. Although the AppDefense cloud manager's SSL certificate is publicly signed, it is not trusted by the proxy/server, so the appliance cannot reach the cloud manager.

Resolution

The certificate proxy/server can generate another signed SSL certificate to be imported into the AppDefense appliance. The steps to import this SSL certificate into the AppDefense appliance are:
  1. Log in to the AppDefense appliance as the admin user over SSH.
  2. Copy (scp) the certificate to a location on the appliance, such as /tmp.
  3. Switch to the root user on the appliance:
$ sudo su -
  4. Back up the original cacerts for Java:
# cp -f /usr/java/jre-vmware/lib/security/cacerts /usr/java/jre-vmware/lib/security/cacerts.bck
  5. Import the new certificate into the trusted cacerts for Java. When prompted for a password, type the default password "changeit". In the command below, "certificate alias" can be any string as long as it doesn't conflict with existing aliases in the cacerts, and "/path/to/certificate/file" is the certificate that was copied to the appliance in step 2.
# keytool -import -trustcacerts -keystore /usr/java/jre-vmware/lib/security/cacerts -alias <certificate alias> -file </path/to/certificate/file>
  6. Delete the certificate file and reboot the AppDefense appliance. After it is up and running again, check from the manager UI whether the appliance is reaching the AppDefense cloud manager.
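
A guarded form of the backup and import steps above, as an added example (not VMware's own script): it rejects an unreadable file or a conflicting alias before touching the keystore, prints the certificate's subject, issuer and fingerprints so they can be compared with what the proxy administrator published, and restores the backup if the import fails. The keystore path and default password come from the steps above; the function name, exit codes, the KEYSTORE/STOREPASS overrides and the timestamped backup name are assumptions.

```shell
#!/bin/sh
# Added example. Run as root on the appliance after copying the certificate.
# KEYSTORE and the default password are from the article; the rest is assumed.
KEYSTORE="${KEYSTORE:-/usr/java/jre-vmware/lib/security/cacerts}"
STOREPASS="${STOREPASS:-changeit}"

import_proxy_ca() {
    cert="$1"; alias="$2"

    # 2 = missing arguments or unreadable certificate file
    [ -n "$cert" ] && [ -n "$alias" ] && [ -r "$cert" ] || {
        echo "usage: import_proxy_ca <cert file> <alias>" >&2; return 2; }
    # 3 = keytool missing or keystore not writable
    command -v keytool >/dev/null 2>&1 && [ -w "$KEYSTORE" ] || {
        echo "keytool or writable $KEYSTORE not found" >&2; return 3; }
    # 4 = file does not parse as an X.509 certificate
    keytool -printcert -file "$cert" >/dev/null 2>&1 || {
        echo "$cert is not a valid certificate" >&2; return 4; }
    # 5 = alias already present in the keystore
    if keytool -list -keystore "$KEYSTORE" -storepass "$STOREPASS" \
               -alias "$alias" >/dev/null 2>&1; then
        echo "alias '$alias' already exists in $KEYSTORE" >&2; return 5
    fi

    # Show subject, issuer, validity and fingerprints for out-of-band
    # comparison before the certificate becomes a trust anchor.
    keytool -printcert -file "$cert"

    # Timestamped backup so a rerun never overwrites the pristine copy.
    backup="$KEYSTORE.bck.$(date +%Y%m%d%H%M%S)"
    cp -p "$KEYSTORE" "$backup" || return 6

    # keytool asks "Trust this certificate?" because -noprompt is not given.
    keytool -import -trustcacerts -keystore "$KEYSTORE" \
            -storepass "$STOREPASS" -alias "$alias" -file "$cert" || {
        cp -p "$backup" "$KEYSTORE"; return 7; }

    # Confirm the new entry is listed as a trustedCertEntry.
    keytool -list -keystore "$KEYSTORE" -storepass "$STOREPASS" -alias "$alias"
}
```

Call it as `import_proxy_ca /tmp/<certificate file> <certificate alias>`, then delete the certificate file and reboot as in the last step.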