Error in CloudProxy connecting to CloudGateway:
2019-09-16 13:41:19.663 ERROR 30799 --- [nioEventLoopGroup-3-19] c.c.a.c.w.WebSocketClientHandler : [id: 0x92273e6f, L:/22.0.1.65:48672 !R:apmservices-cloudgw.apm.dxi.aacc.corp/22.0.1.57:443] Exception:javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
The certificate presented by their installation is not considered valid (not properly signed, most probably self-signed), so the connection is refused by default.
Release: APM 11
1. Open config/application.yml in the APM CloudProxy installation directory.
2. Uncomment apm.server.proxyInsecure and change the value to true.
This will skip server certificate validation.
NOTE: apm.server.proxyInsecure - Set to true to ignore certificates on the apmservices.cloudgw side. Recommended for testing with self-signed certificates.
3. You must restart the proxy.
In Workstation and Agent, if no truststore is specified, the server is automatically trusted:
- Workstation - https://docops.ca.com/ca-apm/10-7/en/administrating/configure-the-workstation/http-tunneling-and-ssl
- Agent - https://docops.ca.com/ca-apm/10-7/en/implementing-agents/java-agent/java-agent-properties
This is not the case for CloudProxy, which is secure by default. To connect to a server with an invalid certificate, the apm.server.proxyInsecure=true configuration must be used.
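Because the setting is recommended for testing, it is worth checking which proxies still have it enabled. The following is an added example, not part of the original article or the product: it scans application.yml text for an active apm.server.proxyInsecure set to true. The nested and dotted YAML layouts and the sample file contents are assumptions constructed for illustration.

```python
import re

KEY_PATH = ["apm", "server", "proxyInsecure"]  # key named in the article

# Constructed sample configs; the real file layout is an assumption.
SAMPLE_DEFAULT = """\
apm:
  server:
    url: wss://gateway.example.invalid:443
    # proxyInsecure: false
"""
SAMPLE_INSECURE = """\
apm:
  server:
    url: wss://gateway.example.invalid:443
    proxyInsecure: true   # enabled for a test, never reverted
"""
SAMPLE_DOTTED = "apm.server.proxyInsecure: 'TRUE'\n"


def proxy_insecure_enabled(yaml_text):
    """Return True if apm.server.proxyInsecure is active and set to true."""
    stack = []  # (indent, key) pairs describing the current nesting
    enabled = False
    for raw in yaml_text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()  # drop comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank or commented out: the setting is inactive
        m = re.match(r"^(\s*)([A-Za-z0-9_.\-]+)\s*:\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave deeper or sibling mappings
        stack.append((indent, key))
        # Flatten nested and dotted spellings into one key path.
        path = ".".join(k for _, k in stack).split(".")
        if path == KEY_PATH and value:
            enabled = value.strip("'\"").lower() == "true"  # last one wins
    return enabled


if __name__ == "__main__":
    for name, text in [("default", SAMPLE_DEFAULT),
                       ("insecure", SAMPLE_INSECURE),
                       ("dotted", SAMPLE_DOTTED)]:
        state = "DISABLED" if proxy_insecure_enabled(text) else "enabled"
        print(f"{name}: certificate validation {state}")
```

To audit a real installation, pass the contents of config/application.yml from the CloudProxy installation directory to proxy_insecure_enabled().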