MID Server unable to connect to the instance with error: getRecords failed (Socket error) - Support and Troubleshooting

MID Server unable to connect to the instance with error: getRecords failed (Socket error) Issue Mid Server is unable to upgrade. After enabling the Mid Server debug, the error in the agent.log file is:

Integration crypto failure protocol=javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated: peer not authenticated Socket error getRecords failed (Socket error) Release All supported versions.

Cause After restarting the MID with SSL debug enabled, we can see the following message in the wrapper.log file:

java.net.ssl|DEBUG|14|MIDServer|2023-03-02 15:30:22.848 GMT|SSLSocketInputRecord.java:247|READ: TLSv1.2 handshake, length = 2529 java.net.ssl|ERROR|14|MIDServer|2023-03-02 15:30:22.848 GMT|TransportContext.java:345|Fatal (HANDSHAKE_FAILURE): Couldn't kickstart handshaking ( "throwable" : { javax.net.ssl.SSLProtocolException: The certificate chain length (11) exceeds the maximum allowed length (10) ... java.net.ssl|DEBUG|14|MIDServer|2023-03-02 15:30:22.848 GMT|SSLSocketInputRecord.java:71|WRITE: TLSv1.2 alert(handshake_failure), length = 2 java.net.ssl|DEBUG|14|MIDServer|2023-03-02 15:30:22.848 GMT|SSLSocketInputRecord.java:85|Raw write ( 0000: 15 03 03 00 02 02 28 ) java.net.ssl|DEBUG|14|MIDServer|2023-03-02 15:30:22.848 GMT|SSLSocketImpl.java:1736|close the underlying socket java.net.ssl|DEBUG|14|MIDServer|2023-03-02 15:30:22.848 GMT|SSLSocketImpl.java:1755|close the SSL connection (initiative) java.net.ssl|ERROR|14|MIDServer|2023-03-02 15:30:22.848 GMT|SSLSocketImpl.java:375|handshake failed ( "throwable" : { javax.net.ssl.SSLProtocolException: The certificate chain length (11) exceeds the maximum allowed length (10) The SSL handshake fails as the endpoint is sending an extremely large certificate chain that exceeds the maximum allowed length, causing the SSL connection to the instance to be closed.

Resolution The recommended approach would be to work with the endpoint team to remove the unwanted certificates from the certificate chain in order to avoid this issue in future.

As temporary workaround, increase the maximum allowed chain length and restart the MID Server as follow: 2.1 Stop the MID server 2.2 Open file \agent\conf\wrapper-override.conf 2.3 Add this parameter: -Djdk.tls.maxCertificateChainLength=50 For example:

wrapper.java.additional.4=-Djdk.tls.maxCertificateChainLength=50 2.4 Start the MID server