Hi:
I found this answer in a case that appears to apply here:
Thanks for the update, definitely the protocol could be one thing, the
other thing is the cipher suite which is also mentioned in the error
message:
We have these list of cipher suites that are supported:
The following list contains the CipherSuites that are supported by the CA
APM for Web Servers:
? SSL_RSA_WITH_RC4_128_MD5
? SSL_RSA_WITH_RC4_128_SHA
? TLS_RSA_WITH_AES_128_CBC_SHA
? TLS_DHE_RSA_WITH_AES_128_CBC_SHA
? TLS_DHE_DSS_WITH_AES_128_CBC_SHA
? SSL_RSA_WITH_3DES_EDE_CBC_SHA
? SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
? SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
? SSL_RSA_WITH_DES_CBC_SHA
? SSL_DHE_RSA_WITH_DES_CBC_SHA
? SSL_DHE_DSS_WITH_DES_CBC_SHA
? SSL_RSA_EXPORT_WITH_RC4_40_MD5
? SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
? SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
? SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
? SSL_RSA_WITH_NULL_MD5
? SSL_RSA_WITH_NULL_SHA
? SSL_DH_anon_WITH_RC4_128_MD5
? TLS_DH_anon_WITH_AES_128_CBC_SHA
? SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
? SSL_DH_anon_WITH_DES_CBC_SHA
? SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
? SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
? TLS_KRB5_WITH_RC4_128_SHA
? TLS_KRB5_WITH_RC4_128_MD5
? TLS_DH_anon_WITH_AES_256_CBC_SHA
? TLS_KRB5_WITH_3DES_EDE_CBC_SHA
? TLS_KRB5_WITH_3DES_EDE_CBC_MD5
? TLS_KRB5_WITH_DES_CBC_SHA
? TLS_KRB5_WITH_DES_CBC_MD5
? TLS_RSA_WITH_AES_256_CBC_SHA
? TLS_DHE_DSS_WITH_AES_256_CBC_SHA
? TLS_DHE_RSA_WITH_AES_256_CBC_SHA
? TLS_KRB5_EXPORT_WITH_RC4_40_SHA
? TLS_KRB5_EXPORT_WITH_RC4_40_MD5
? TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
? TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
The other thing to be sure is that if the certificate for the web server
has changed that this has been updated for the agent. I'm saying this
because you have the agent configured in non-permissive mode, and the
documentation has a note about this:
"If your web server uses HTTPS in nonpermissive mode, set the truststore
path and truststore password for the valid certificates being used to
establish communication with the web server. To set the truststore
settings, use the AgentConfigTool.sh file to edit the
AgentConfig.properties file. The truststore password is stored in an
encrypted form in the AgentConfig.properties file."
So, in summary, you can definitely review the protocol setting (SSL/TLS)
but also please check where you can about the cipher suite used for the
certificate and check if the truststore used by the agent has been updated.
Thanks
Hal German