After implementing SSL on Postgres server and modifying EM tess-db-cfg.xml file to have 'ssl=true' in the url the EM connection to the APM DB fails (Connections could not be acquired from the underlying database)

book

Article ID: 35390

calendar_today

Updated On:

Products

APP PERF MANAGEMENT CA Application Performance Management Agent (APM / Wily / Introscope) CUSTOMER EXPERIENCE MANAGER INTROSCOPE

Issue/Introduction

Symptoms:

Implemented SSL on the APM Postgres server and modified the EM tess-db-cfg.xml file to have "ssl=true" in the connection url i.e.

 <property name="hibernate.connection.url">jdbc:postgresql://hostname:5432/cemdb?ssl=true</property>

However after restart the EM connection to the APM DB fails with messages "Connections could not be acquired from the underlying database".

Also the postgresql log contains these messages "could not accept SSL connection: sslv3 alert certificate unknown"

 

Cause:

Using the steps at the bottom of this page to add url parameter "ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory" the SSL certificate validation was disabled and the DB connection was successful after EM restart:

Postgres 9.2 "The PostgreSQL JDBC Interface" : "Chapter 4. Using SSL" : "Configuring the Client".

<property name="hibernate.connection.url">jdbc:postgresql://hostname:5432/cemdb?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory</property> 

That indicated the root cause was most likely the Postgres client (EM) not having not having the Postgres server certificate imported into its java certificate store i.e. if using default jre installed with EM the file EM_HOME/jre/lib/security/cacerts

 

Resolution:

After importing the Postgres server certificate into EM_HOME/jre/lib/security/cacerts using the steps in the above Postgres URL and removing the "ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory" property the DB connection problem was confirmed as resolved after EM restart.

Environment

Release: CEMUGD00200-9.7-Introscope to CA Application-Performance Management-Upgrade Main
Component: