After implementing SSL on Postgres server and modifying EM tess-db-cfg.xml file to have 'ssl=true' in the url the EM connection to the APM DB fails (Connections could not be acquired from the underlying database)


Article ID: 35390


Updated On:


CA Application Performance Management Agent (APM / Wily / Introscope) INTROSCOPE



Implemented SSL on the APM Postgres server and modified the EM tess-db-cfg.xml file to have "ssl=true" in the connection url i.e.

 <property name="hibernate.connection.url">jdbc:postgresql://hostname:5432/cemdb?ssl=true</property>

However after restart the EM connection to the APM DB fails with messages "Connections could not be acquired from the underlying database".

Also the postgresql log contains these messages "could not accept SSL connection: sslv3 alert certificate unknown"



Using the steps at the bottom of this page to add url parameter "ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory" the SSL certificate validation was disabled and the DB connection was successful after EM restart:

Postgres 9.2 "The PostgreSQL JDBC Interface" : "Chapter 4. Using SSL" : "Configuring the Client".

<property name="hibernate.connection.url">jdbc:postgresql://hostname:5432/cemdb?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory</property> 

That indicated the root cause was most likely the Postgres client (EM) not having not having the Postgres server certificate imported into its java certificate store i.e. if using default jre installed with EM the file EM_HOME/jre/lib/security/cacerts



After importing the Postgres server certificate into EM_HOME/jre/lib/security/cacerts using the steps in the above Postgres URL and removing the "ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory" property the DB connection problem was confirmed as resolved after EM restart.


Release: CEMUGD00200-9.7-Introscope to CA Application-Performance Management-Upgrade Main