Configure Your Agents for Cisco Secure Application 

Extract the Ingress CA or Server Certificate

  1. Determine the provider of the server certificate: 
    Log into the cluster node and examine /var/appd/globals.yaml.gotmpl. If the value of ingress.defaultCert is true, this indicates that the On-Premises Virtual Appliance provided the CA and a server certificate. Otherwise, you provided a custom TLS certificate.

    The upgrade process sets ingress.defaultCert to false.


  2. If the On-Premises Virtual Appliance provided the CA certificate, run this command to extract a copy of it: 

    kubectl get secret ingress-cert-secret -n ingress-master -o jsonpath="{.data.ca\.crt}" | base64 --decode > ca.crt
    BASH
  3. If you provided a custom TLS certificate, run this command to extract a copy of it: 
    kubectl get secret custom-ingress-secret -n ingress-master -o jsonpath="{.data.tls\.crt}" | base64 --decode > certificate.crt
    BASH

Update the Agent Configuration

  • For Java agents:
    • Import the CA or server certificate into your Java agent's trust store by following the steps in Enable SSL for the Java Agent.
    • For general details on Java agent configuration, see Install the Java Agent.

      Certain features of Cisco Secure Application are currently not available when using Java Development Kit (JDK) versions 23 and 24. This is due to the removal of the security manager in these versions. As a result, the following runtime eventing features are impacted:

      • Remote Command Execution
      • Listening Server Sockets
      • Outbound Web API Connections
      • File Access (including reading, writing, creating, and deleting)

      We are committed to resolving this issue and are actively working on a permanent solution to ensure full compatibility with JDK versions 23 and above. Thank you for your understanding and patience as we enhance our product to support these newer Java versions.

  • For .NET agents on Linux hosts:
    • For general details on .NET agent configuration, see Install the .NET Agent for Linux.
    • In the agent configuration, specify the location of the certificate you extracted above. You can specify this location in your agent's configuration file or with the APPDYNAMICS_CONTROLLER_SSL_CERTFILE environment variable (see Configuring SSL Variables for .NET Agents):
      {
  "controller": {
    "host": "ec2-18-236-232-10.us-west-2.compute.amazonaws.com",
    "port": 443,
    "ssl": true,
    "certfile": "_path_to_single_certificate_file_"
  }
}
      JSON
  • For .NET agents on Windows hosts:
    • In the agent configuration, specify the location of the certificate you extracted above. You can specify this location in your agent's configuration file or with the APPDYNAMICS_CONTROLLER_SSL_CERTFILE environment variable (see Configuring SSL Variables for .NET Agents):
      <controller host="ec2-18-236-232-10.us-west-2.compute.amazonaws.com" port="443" ssl="true" enable_tls12="true" ssl-certificate-file="_path_to_single_certificate_file_" >
...
</controller>
      XML
       
  • For Node.js agents:
    • Confirm that the Node.js agent version is at least 24.9.0.
    • Add this to the require statement in its configuration file. For details see Vulnerability Reporting on Node.js Agent
      require("appdynamics").profile({
    controllerHostName: '<controllerHost>',
    controllerPort: 443,
    controllerSslEnabled: true,
    accountName: '<accountName>',
    accountAccessKey: '<accessKey>',
    applicationName: '<appName>',
    tierName: '<tierName>,
    nodeName: '<nodeName>',
    secureAppEnabled: true,
    certificateFile: '_path_to_single_certificate_file_'
})
      JSON



Update Agents' Node Properties on the Virtual Appliance

Integrate Cisco Secure Application with your agents:

  • For the Java agent:
    • Confirm that the Java agent version is at least 24.4.1.
    • Add this node property: 
      enable-secapp-service
      CODE
  • For the .NET agent:
    • Confirm that the .NET agent version is at least 24.4.0.1.
    • Add this node property: 
      enable-secapp-service
      CODE

See App Agent Node Properties.

For more information, see Monitor Application Security Using Cisco Secure Application.


Enable Cisco Secure Application Features for Targeted Applications

From the Cisco Secure Application dashboard, you can find the Security Setting value for any application you want to monitor in either of these ways:

  • If any application's Security Status is Disabled, you can set it to Enabled by updating its Security Setting to Enable.
  • You can manage the Security Status for all applications with Security Setting of Inherit by navigating to the Administration > Settings tab. 

In order to make these changes, you must have Configure permission for Cisco Secure Application. For help, see Security Setting in Monitor Security Status of Applications.