Is there anything special in your setup?
Windows based, Windows Certificate Authority, SSL Certificates, Single node
Description of the problem including expected versus actual behavior. Please include screenshots (if relevant):
APM Agent not communicating with APM Server.
Provide logs and/or server output (if relevant):
Where to find logs from APM Agent on APM Agent host if APM isn't communicating with the APM Server?
Documentation for securing APM Agent is vague. (SSL/TLS communication with APM Server | APM Java Agent Reference [1.x] | Elastic) Am I modifying my application's keystore in order to report back to the APM Server? This seems very intrusive and could potentially be a breaking change for the application, especially an application that already uses SSL.
Could you share a stacktrace from the JVM agent to better understand what is happening during the communication? If possible, please share as well your apm-server.yml configuration file.
Also, if you suspect that the problem is related to certificate validation, you can temporarily disable this behavior by using the following property in the JVM agent:
-Delastic.apm.verify_server_cert=false
It might be helpful to isolate the issue and see if cert mgmt is indeed what is causing the problem.
I will start with adding the verify_server_cert=false to make sure there is not a certificate issue.
Many of the examples and tutorials show the APM Server as localhost. Is an APM Server required on each application host? I currently only have the APM Agent using the following settings with Tomcat that runs as a Windows Service pointing to a remote APM Server.
I'll be honest. I've been struggling with this for a couple days now and this was my Hail Mary before giving up on Elastic. Thank you for your guidance. I still want a server side validation between the client and server, but I will need to involve our code team in order to touch the keystore of this application. Very early stages of a secured on-prem setup. Thank you again!
The other way is just to make sure you have an official CA certificate, then it should be fine, I believe.
The other way, and I'm not an expert at this, is to get the CA from your internal certificate and get it into the Java SSL key store, and then it would probably work as well.
I was thinking about this last evening and I think using the central CA should resolve this issue. Our development environment used a different CA for some reason or another. That flag is magic though.
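The two checks discussed in this thread (is certificate validation the cause, and would trusting the internal CA fix it) can be run without changing the application's keystore or turning verification off. The following is an added example, not code from the thread or from Elastic; the class name and arguments are illustrative, and it assumes the agent validates the APM Server certificate against the JVM default truststore.

```java
// Added example: class name and command-line arguments are illustrative.
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

public class ApmTrustCheck {
    // Trust manager backed by the given store; null selects the JVM default truststore.
    static X509TrustManager trustManager(KeyStore store) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        return (X509TrustManager) tmf.getTrustManagers()[0];
    }
    // In-memory store: the JVM's default trust anchors plus every CA cert in a PEM file.
    // Nothing on disk is modified, so the application's own keystore is untouched.
    static KeyStore defaultsPlus(String caPem) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        int i = 0;
        for (X509Certificate c : trustManager(null).getAcceptedIssuers())
            ks.setCertificateEntry("default-" + i++, c);
        try (InputStream in = new FileInputStream(caPem)) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                ks.setCertificateEntry("internal-ca-" + i++, c);
        }
        return ks;
    }
    // Full TLS handshake with chain and hostname verification, as an HTTPS client performs it.
    static String handshake(String host, int port, KeyStore store) {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, new TrustManager[] { trustManager(store) }, null);
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
                SSLParameters p = s.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("HTTPS");
                s.setSSLParameters(p);
                s.startHandshake();
                return "TRUSTED, issuer=" + ((X509Certificate) s.getSession().getPeerCertificates()[0]).getIssuerX500Principal();
            }
        } catch (Exception e) {
            return "REJECTED: " + e; // the exception text names the failing check
        }
    }
    public static void main(String[] a) throws Exception {
        String host = a[0]; int port = Integer.parseInt(a[1]);
        System.out.println("JVM default truststore: " + handshake(host, port, null));
        if (a.length > 2) // optional third argument: PEM file holding the internal CA
            System.out.println("defaults + " + a[2] + ": " + handshake(host, port, defaultsPlus(a[2])));
    }
}
```

Run it on the agent host with the same JVM that runs Tomcat, passing the APM Server host, port and the internal CA's PEM file. A rejection on the first line and a pass on the second indicates that the missing CA is the cause, and that verification can stay enabled once that CA is trusted.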