After setting the WebView property introscope.webview.enterprisemanager.rest.base to use the secure EM Web Server, logging in to Team Center returns map error 503 and the WebView log shows 'java.security.cert.CertificateException: No name matching localhost found'


Article ID: 33521


Products

APP PERF MANAGEMENT; CA Application Performance Management Agent (APM / Wily / Introscope); CUSTOMER EXPERIENCE MANAGER; INTROSCOPE

Issue/Introduction

Symptoms:

After setting the WebView property introscope.webview.enterprisemanager.rest.base to use the secure EM Web Server, e.g. https://localhost:8444/apm/appmap, logging in to Team Center via the unsecured WebView port, e.g. http://localhost:8080, returns the error "Error retrieving the map. Status code: 503". At the same time, the WebView log shows the message 'java.security.cert.CertificateException: No name matching localhost found'.

 

Cause:

Java checks the DNS name used in the URL against the Common Name (CN) of the certificate stored in the EM Web Server keystore under the certificate alias that the EM Web Server uses. If the two do not match, it issues the above message.

 

 

Resolution:

1.  Normally it would be standard practice to enable the secure Connector for the WebView web server as well as for the EM Web Server. If that is done, the problem will not occur when logging in to Team Center with the secure URL, e.g. https://localhost:8443 (the certificate validation for the DNS name is then effectively disabled because the SSL connector in JVM code is invoked).

 

2. If enabling secure WebView is not wanted, the steps from these 2 links will also resolve the problem:

http://java.globinch.com/enterprise-java/security/fix-java-security-certificate-exception-no-matching-localhost-found/

http://java.globinch.com/enterprise-java/security/pkix-path-building-failed-validation-sun-security-validatorexception/

a. Per link #1, use keytool to create a new EM_HOME/config/internal/server/keystore and a key with alias “wily”. At the prompt, set first name/last name to “localhost” (this maps to the CN value).

That step alone will not resolve the 503 error, and the WebView log will show:

[ERROR] [WebView] Unable to establish connection with remote resource at https://localhost:8081/apm/appmap/private/permission! 

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

b. Per link #2, export the “wily” key as a cert file from EM_HOME/config/internal/server/keystore and import it into the file EM_HOME\jre\lib\security\cacerts.

c. Restart WebView and log in to Team Center; the problem should be resolved.
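Steps a to c as non-interactive keytool commands, added here as an example and not taken from the article or the linked pages. The EM_HOME default, the KS_PASS placeholder, the JDK default cacerts password "changeit", the backup of an existing keystore and the removal of a stale "wily" entry from cacerts are assumptions or additions of this example.

```shell
#!/bin/sh
# Added example: resolution steps a-c as non-interactive keytool calls.
# Assumptions, not from the article: the EM_HOME default, the KS_PASS
# placeholder, and cacerts still using the JDK default password "changeit".
EM_HOME="${EM_HOME:-/opt/introscope}"   # hypothetical install directory
KEYSTORE="${KEYSTORE:-$EM_HOME/config/internal/server/keystore}"
CACERTS="${CACERTS:-$EM_HOME/jre/lib/security/cacerts}"
KS_PASS="${KS_PASS:-REPLACE_WITH_KEYSTORE_PASSWORD}"
CA_PASS="${CA_PASS:-changeit}"

# Step a: new keystore with alias "wily"; -dname CN=localhost is what the
# interactive "first and last name" prompt would set.
create_em_keystore() {
    if [ -f "$KEYSTORE" ]; then
        mv "$KEYSTORE" "$KEYSTORE.bak"  # keep the old keystore (added precaution)
    fi
    keytool -genkeypair -alias wily -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=localhost" -keystore "$KEYSTORE" \
        -storepass "$KS_PASS" -keypass "$KS_PASS"
}

# Step b: export the "wily" certificate and import it into cacerts so the
# JVM can build a PKIX path to the self-signed certificate.
trust_em_cert() {
    cer="${1:-wily.cer}"
    keytool -exportcert -alias wily -rfc -file "$cer" \
        -keystore "$KEYSTORE" -storepass "$KS_PASS" || return 1
    # Drop a stale "wily" entry from an earlier run; ignore "alias not found".
    keytool -delete -alias wily -keystore "$CACERTS" \
        -storepass "$CA_PASS" >/dev/null 2>&1 || true
    keytool -importcert -alias wily -file "$cer" -noprompt \
        -keystore "$CACERTS" -storepass "$CA_PASS"
}

# Check before restarting WebView: cacerts holds "wily" with CN=localhost.
verify_trust() {
    keytool -list -v -alias wily -keystore "$CACERTS" -storepass "$CA_PASS" \
        | grep -q "CN=localhost"
}

# Run all steps only when called as: sh em_cert.sh apply
if [ "${1:-}" = "apply" ]; then
    create_em_keystore && trust_em_cert && verify_trust &&
        echo "Trusted; restart WebView (step c)."
fi
```

Importing the certificate into cacerts makes every application using that JRE trust it, so keep the generated keystore readable only by the EM service account.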

 

 

Environment

Release: CEMUGD00200-10.1-Introscope to CA Application-Performance Management-Upgrade Mai
Component: