Enter Case number reference for associated cases.

Case #

Status:

Type: Enterprise

Old Article ID: 4411

Old Article Type: problem



Information:

Detail the contextual information specific to the issue; i.e. Product, Version, Agent, System, etc.

AppMon: 3.x+

Describe the problem, from the user perspective

When using a URL Monitor, the following error is reported during execution of the monitor.

 

Last polling execution failed
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

 

This only happens when using HTTPS. If you switch to using HTTP, the problem does not occur.

When the URL is tested from a local browser, it works without an error.

 

Clearly list the Steps to resolve the issue

 

This error can happen when the URL you are monitoring does not have a valid certificate from an authorized CA. This is a common situation with internal or test websites which use self signed certificates.

This error does not happen with your local browser, likely because someone has already created an exception for that website and added the self signed certificate to the browser keystore.

To resolve this issue, simply export the certificate from the browser keystore and import it into the dynaTrace JRE certificate keystore. The general steps for this are outlined below.

  1. Export the certificate from the working browser. Save it to a local file. In IE, this can be found at Tools-> Internet Options-> Content-> Certificates
  2. Import this certificate into dynaTrace's JRE using the following steps:

     

    cd DT_HOME/jre/bin
    keytool -import-alias <website URI> -file <file saved previously>
    keytool -list (to verify cert was imported)

     

    The keystore password is changeit.

  3. Restart the collector where the URL Monitor is to be run.
  4. Reexecute the URL Monitor.