Enable SSL for the .NET Agent
This page describes how to configure the .NET Agent to connect to the Controller using SSL.
Requirements
Before you configure the agent to enable SSL, gather this information:
- Identify the Controller SSL port:
  - For SaaS Controllers, the SSL port is 443.
  - For on-premises Controllers, the SSL port is 8181 by default, but it is possible to configure on-premises Controllers to use other ports at installation.
- Identify the signature method for the Controller's SSL certificate:
  - A publicly known certificate authority (CA) signed the certificate. This applies to Verisign, Thawte, and other commercial CAs.
  - A CA internal to your organization signed the certificate. Some companies maintain internal certificate authorities to manage trust and encryption within their domain.
- .NET Agent supports self-signed certificates when these conditions exist:
  - The Common Name (CN) on the certificate matches the URL of the Controller that the agent is calling.
  - The public key for the self-signed certificate is installed in the Windows Trusted Root Certification Authorities store where the agent is installed.
Establish Trust for the Controller's SSL Certificate
The .NET Agent requires that the Common Name (CN) on the Controller certificate matches the DNS name of the Controller. Additionally, certificates for the root CA that signed the Controller's SSL certificate must reside in the Windows Trusted Root Certification Authorities store for the Local Computer.
Certificates Signed by a Publicly Known Certificate Authority
The root certificates for most publicly trusted CA signing authorities, such as DigiCert, Verisign, Thawte, and other commercial CAs, are in the Trusted Root Certification Authorities store by default.
Certificates Signed by an Internal Certificate Authority
If your organization uses an internal CA to sign certificates, you may need to obtain the root CA certificate from your internal security management resource. To import the root certificate, see Adding Certificates to the Trusted Root Certification Authorities store for a Local Computer.
This example shows how to use the Certificate snap-in for the Microsoft Management Console to import a certificate for a Trusted Root Certification Authority:
This example shows the Intermediate Certification Authorities store:
Certificate Management Tips
- If you imported certificates for a root or intermediate CA, verify the certificate store where you imported them. Import them to Certificates (Local Computer).
- The Splunk AppDynamics SaaS Controller uses certificates signed by DigiCert. In some cases, SaaS customers must import the DigiCert root certificates into the Windows Trusted Root Certification Authorities store.
- In some cases, system administrators set up group policies that require external certificates to be imported to the Third-Party Root Certification Authorities store. If importing the certificate for the root CA to the Windows Trusted Root Certification Authorities store is not successful, then try the Third-Party Root Certification Authorities store.
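
The following PowerShell script is an added example, not part of the AppDynamics documentation or product. Run on the machine where the agent is installed, it fetches the certificate the Controller presents, compares its CN with the Controller DNS name, and looks for the top of its chain in the Local Computer Trusted Root and Third-Party Root stores. The host name `controller.example.com` and the output property names are assumptions chosen for illustration.

```powershell
# Added example: placeholder host and port; replace with your Controller's values.
param(
    [string]$ControllerHost = 'controller.example.com',  # hypothetical DNS name
    [int]$Port = 8181                                     # on-premises default; SaaS uses 443
)

# Fetch the certificate the Controller presents. The callback accepts any
# certificate so that a not-yet-trusted one can still be inspected; no
# application data is sent over this connection.
$tcp = New-Object System.Net.Sockets.TcpClient($ControllerHost, $Port)
try {
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($ControllerHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally {
    $tcp.Close()
}

# Requirement 1: the certificate CN matches the Controller DNS name.
# -like lets a wildcard CN such as *.example.com match; it is looser than
# TLS wildcard rules and is meant as a diagnostic only.
$cn = $cert.GetNameInfo('SimpleName', $false)
$cnMatches = $ControllerHost -like $cn

# Requirement 2: the signing root is in a Local Computer root store.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # check store placement, not revocation
[void]$chain.Build($cert)
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$reachesRoot = $top.Subject -eq $top.Issuer     # false when no root could be found locally

[pscustomobject]@{
    CommonName       = $cn
    CnMatchesHost    = $cnMatches
    TopOfChain       = $top.Subject
    ChainReachesRoot = $reachesRoot
    InTrustedRoot    = Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)"
    InThirdPartyRoot = Test-Path "Cert:\LocalMachine\AuthRoot\$($top.Thumbprint)"
    IssuerToObtain   = if ($reachesRoot) { $null } else { $top.Issuer }
}
```

`AuthRoot` is the internal name Windows uses for the Third-Party Root Certification Authorities store. When `ChainReachesRoot` is False, the CA certificate named in `IssuerToObtain` still has to be obtained and imported.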