• English日本語한국어
  • Log inStart now

SSL or connection errors (Java)

Problem A: SSL/connection errors in logs

Your New Relic Java agent's log data shows SSL or connection errors.

Tip

See Configuring your SSL certificates for instructions on how to communicate with the New Relic collector over HTTPS.

Solution A

Failures to connect via SSL typically appear early in the Java agent's log files. For example:

PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath
INFO: connection error: java.net.SocketException: java.lang.ClassNotFoundException:
Cannot find the specified class com.ibm.websphere.ssl.protocol.SSLSocketFactory

If you see either of these errors, your JDK instance probably is using a customized trust store.

Recommendation: Add the DigiCert Global Root Certificate Authority (CA), from which New Relic's certificate is derived, to your trust store.

You can download the DigiCert Global Root CA from DigiCert under the "Other root certificates" section (choose the "Download PEM" option).

To import the cert to your trust store, use this command, or see Oracle's Java SE documentation for keytool:

keytool -importcert -alias ca_alias -file ca_file.pem -keystore truststore.ts -storepass ts_password

Parameters include:

Parameter

Description

ca_alias

The alias you want to use in your trust store for the imported cert.

ca_file

The file containing the cert you are adding.

truststore.ts

The trust store to which the cert will be added.

ts_password

The password used by truststore.ts.

Problem B: logs show exception

Your New Relic Java agent's log data shows the following CertificateException.

java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Illegal header: -----BEGIN CERTIFICATE-----

This is most likely related to this JDK issue.

Solution B

Examine and validate that the header and footer of your certificates do not have trailing whitespaces. If they do, edit or use different certificates.

Copyright © 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.