SSL or connection errors (Java)


Your New Relic Java agent's log data shows SSL or connection errors.

See Configuring your SSL certificates for instructions on how to communicate with the New Relic collector over HTTPS.


Failures to connect via SSL typically appear early in the Java agent's log files. For example:

PKIX path building failed: PKIXCertPathBuilderImpl could not build a valid CertPath
INFO: connection error: java.lang.ClassNotFoundException: 
Cannot find the specified class

If you see either of these errors, your JDK instance probably is using a customized trust store.

Recommendation: Merge the Java default trust store with the application's trust store. The default trust store contains the DigiCert root Certificate Authority (CA) from which New Relic's certificate is derived.

To merge the trust store, use this command, or see Oracle's Java SE documentation for keytools:

keytool -import -alias ca_alias -file ca_file.pem -keystore truststore.ts -storepass the_password

Parameters include:

Parameter Description
ca_alias The tag of the particular DigiCert root CA.
ca_file The Java default trust store file that contains the ca_alias.
truststore.ts Location where the ca_alias will be added.
the_password Password change for the trust store truststore.ts.

For more help

If you need more help, check out these support and learning resources: