SSL or connection errors (Java)

Problem

Your New Relic Java agent's log data shows SSL or connection errors.

Solution

Failures to connect via SSL typically appear early in the Java agent's log files. For example:

PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath
INFO: connection error: java.net.SocketException: java.lang.ClassNotFoundException: 
Cannot find the specified class com.ibm.websphere.ssl.protocol.SSLSocketFactory

If you see either of these errors, your JDK instance probably is using a customized trust store.

Recommendation: Merge the Java default trust store with the application's trust store. The default trust store contains the GeoTrust root Certificate Authority (CA) from which New Relic's certificate is derived.

To merge the trust store, use this command, or see Oracle's Java SE documentation for keytools:

keytool -import -alias ca_alias -file ca_file.pem -keystore truststore.ts -storepass the_password

Parameters include:

Parameter Description
ca_alias The tag of the particular GeoTrust root CA.
ca_file The Java default trust store file that contains the ca_alias.
truststore.ts Location where the ca_alias will be added.
the_password Password change for the trust store truststore.ts.

For more help

Recommendations for learning more: