Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

Appmon 7.1 - Enabling Single sign on: "Not all certificate chains are known"


Hi all,

We've recently upgraded to Dynatrace Appmon 7.1 and I'm trying to enable single sign on but I've hit a problem with ceritifcates chains I just don't understand. We currently already have LDAP setup and working for authentication.

The process so far:

  1. Open the Dynatrace Server Settings and go into the Users section.
  2. Select the Single sign-on tab and tick the box to 'Enable user authentication via SAMLv2 identity provider'
  3. Then I press the Import button and import the XML from a file provided by an admin in my organisation.
  4. The XML imports successfully but then the problems start - at the top of the window it says "not all certifcate chains are known" and at the bottom of the page "for some certificates there is no valid certificate chain available, therefore a different certificate chain needs to be imported."
  5. On this same page there is a button to "import certificate chain" and I've tried various combinations of importing ceritificates for the CN names listed in the Metadata but with no luck - there is never any valid certifcate chain available!

I assume the answer is in the phase 'certificate chain' and what's in the .pem or .p12 file. I believe this file should contain a 'chain' of certificates mapping from the URLs in the XML and back up though the issuers and authorities, but have no idea how to generate this type of certifcate?

Does anyone else have any experience they could share in doing this?




Hi, I am facing same issue? Did you find a workaround for this?