APM agent to Server Communication via https

If you are asking about a problem you are experiencing, please use the following template, as it will help us help you. If you have a different problem, please delete all of this text :slight_smile:

TIP 1: select at least one tag that further categorizes your topic. For example server for APM Server related questions, java for questions regarding the Elastic APM Java agent, or ui for questions about the APM App within Kibana.

TIP 2: Check out the troubleshooting guide first. Not only will it help you to resolve common problems faster but it also explains in more detail which information we need before we can properly help you.

Kibana version:

Elasticsearch version:
7.17
APM Server version:
7.17
APM Agent language and version:
RUM.JS
Browser version:
Chrome
Original install method (e.g. download page, yum, deb, from source, etc.) and version:

Fresh install or upgraded from other version?

Is there anything special in your setup? For example, are you using the Logstash or Kafka outputs? Are you using a load balancer in front of the APM Servers? Have you changed index pattern, generated custom templates, changed agent configuration etc.

Not using Loadbalancer
Description of the problem including expected versus actual behavior. Please include screenshots (if relevant):

Steps to reproduce:
1.
2.
3.

Errors in browser console (if relevant):
Getting certificate error with a strike on https
Provide logs and/or server output (if relevant):

Hi @Shalinicts,

Thanks for reaching out!

Please see this similar issue: APM RUM agent not connecting APM Server over https

Thanks,
Alberto

Thanks Alberto.
I can see the solution given is :

The problem seems to be related to the SSL certificate that you are using for your APM Server and once that is fixed the browser would be able to post the data to the APM server.

RUM agent does have not any specific config related to the SSL. You would need to add the certificate manually to your OS and trust that certificate so browser can send the request without any failures.

Thanks,
Vignesh

My client or agent is browser based application and when they incorporate the monitoring, every time they get the certificate to manually accept .
The url is https://apmservrurl:8200
Is the above solution recommend to keep the certificates present in APM server to be present in agent or client side browser ?

In my case , I am using the CA certificate which is used in elastic servers and APM server. The connectivity between APM server and elastic server is working.
Only issue is when agent tries to connect the https://apmserver url :8200 , they get a https with red strike and the agent team has to manually accept the certificate which is not recommended.

Can we have a load balancing URL in front of APM URL and provide the same to agent for the configuration ?
Will it work?Please advise.

Hi @Shalinicts,

The solution above is just for situations where you don't have a proper certificate. When using https browser requires the usage of a trusted certificate.

Possible solutions:

  • give your APM Server a DNS and use something like Let's Encrypt.
  • (the one you were mentioning and perhaps the recommended one in your case) put a load balancer or similar proxy in front of the APM Server

Thanks,
Alberto

Thanks Albert.
the URL "https://apmserverurl:8200" is accessible within APM server .I mean curl https://apmserverurl:8200 within APM server is working.However its not accessible from outside maybe due to certificate issue.

Will post you if the solution works!

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.