06 Nov 2024 03:11 PM - last edited on 12 Nov 2024 02:08 PM by MaciejNeumann
hello,
I am getting multiple errors while creating a custom app
Pl. help
C:\DTApps>node -e "fetch('https://{environmentid}.apps.dynatrace.com' could not be processed.
self-signed certificate in certificate chain
If you need further assistance visit the connectivity troubleshooting guide here: https://dt-url.net/c4jp0s12
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Terminate batch job (Y/N)? y
Solved! Go to Solution.
11 Nov 2024 12:13 PM
any suggestions on this error please
11 Nov 2024 12:34 PM
Hi username1,
Let's start with this:
curl -s --ssl-no-revoke -w '\n%{certs}\n' https://abc12345.apps.dynatrace.com | findstr "Issuer"
It seems likely that it's an issue with certificates that are not from Dynatrace. You can try setting an environment variable NODE_EXTRA_CA_CERTS=C:/path/to/cert.pem
where cert.pem
is a file that contains the public certificates that you are injecting (or the certificate for the CA that created those certificates).
See: https://nodejs.org/api/cli.html
11 Nov 2024 04:30 PM
Hi Haris,
Thanks for your response, here is the output of the curl cmd
here is the app.config.json
11 Nov 2024 11:00 PM
I am able to start the local development server but unable to authenticate, I have set the environment variables as recommended above but still no luck
Error: SSO-URL for 'https://{environmentid}.apps.dynatrace.com' could not be processed.
self-signed certificate in certificate chain
If you need further assistance visit the connectivity troubleshooting guide here: https://dt-url.net/c4jp0s12
Error: Terminal interrupt signal
11 Nov 2024 11:05 PM
here is the screenshot of error
12 Nov 2024 09:18 AM - edited 12 Nov 2024 09:19 AM
Hi, can you please confirm you can make connections to the SSO (sso.dynatrace.com) and your own server from the machine? You can find examples here: https://developer.dynatrace.com/develop/troubleshoot/troubleshoot-connectivity/#connectivity-of-your...
If that works, please make sure Node.js also has connectivity: https://developer.dynatrace.com/develop/troubleshoot/troubleshoot-connectivity/#connectivity-of-node...
12 Nov 2024 10:02 AM
Hi Haris, Firstly, many thanks for your persistent responses, much appreciated
I am successfully able to connect sso.dynatrace.com and my own DT instance as well, the outputs are same as shown in the troubleshooting document
But I am unable to connect using Node.js, ending up with "Error: self-signed certificate in certificate chain" - here is the complete output of the cmds mentioned in the troubleshooting document please
C:\DTApps>npm ping
npm notice PING https://{environmentid}.apps.dynatrace.com/
HTTP/1.1 401 Unauthorized
date: Tue, 12 Nov 2024 09:52:06 GMT
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
pragma: no-cache
expires: 0
Connection: Keep-Alive
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 115
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 0
x-content-type-options: nosniff
dynatrace-response-source: API Gateway
strict-transport-security: max-age=31536000 ; includeSubDomains
C:\DTApps>curl -I https://{environmentid}.apps.dynatrace.com/platform/oauth2/authorization/dynatrace-sso
HTTP/1.1 302 Found
date: Tue, 12 Nov 2024 09:52:29 GMT
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
pragma: no-cache
expires: 0
location: https://{environmentid}.apps.dynatrace.com/platform/login/oauth2/code/dynatrace-sso&nonce=xxxxxxxxxx...
Connection: Keep-Alive
set-cookie: SESSION-prod3=xxxxxxxxxxxxxxxxxx; Path=/; Domain=apps.dynatrace.com; Secure; HTTPOnly; SameSite=Lax
cache-control: no-cache, no-store, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 0
x-content-type-options: nosniff
dynatrace-response-source: API Gateway
strict-transport-security: max-age=31536000 ; includeSubDomains
C:\DTApps>node -e "fetch('https://sso.dynatrace.com').then(console.log)"
node:internal/deps/undici/undici:13392
Error.captureStackTrace(err);
^
TypeError: fetch failed
at node:internal/deps/undici/undici:13392:13
at process.processTicksAndRejections (node:internal/process/task_queues:105:5) {
[cause]: Error: self-signed certificate in certificate chain
at TLSSocket.onConnectSecure (node:_tls_wrap:1679:34)
at TLSSocket.emit (node:events:518:28)
at TLSSocket._finishInit (node:_tls_wrap:1078:8)
at ssl.onhandshakedone (node:_tls_wrap:864:12) {
code: 'SELF_SIGNED_CERT_IN_CHAIN'
}
}
Node.js v22.11.0
12 Nov 2024 10:43 AM
Hi,
thanks for the update. This shows an issue with connection, which should be covered here: https://developer.dynatrace.com/develop/troubleshoot/troubleshoot-connectivity/#connectivity-issues
Do you have any firewall or proxy in place? Also, can you run:
openssl s_client -showcerts -connect sso.dynatrace.com:443
It seems something is getting in the way and sends your self signed certificate back when you're accessing via Node.
Have you tried exporting the certificate like:
export org CA cert resolved node connectivity issues
#CA CERT
export NODE_EXTRA_CA_CERTS=/Users/xxxxx/.ssh/org-proxy-chain.pem
13 Nov 2024 06:46 AM
Hi Haris,
After having a Dynatrace provided certificate (.pem) and updating the npm config, I was successfully able to run/build the app, but I am unable to deploy it due to lack of permissions, do you know what permissions a user should have to deploy an app - thought, I would also be able to deploy it as I was able to run/build! but that's not the case
13 Nov 2024 01:30 PM - edited 13 Nov 2024 01:31 PM
Hi there,
I'm glad to hear that you've solved the certificate issue.
To deploy an app, you need the following permission:
app-engine:apps:install
Can you confirm that your policy includes this permission in your user group? If not, please add it and retry.
13 Nov 2024 03:17 PM
Many thanks for your persistent support Haris, much appreciated
13 Nov 2024 06:18 PM
Happy that I could help you 🙂
Feel free to contact us anytime in case you have more questions.
Kind regards, Haris
13 Nov 2024 07:53 PM
@haris I'm facing self signed cert errors when making an api call with the DT JS runtime. Do you know how to supply CA certs to the runtime? I haven't found a good way to do so:
21 Nov 2024 02:19 PM
Hi calfano,
since that should be Node runtime, the above should still apply. Does this work for you?
$ export NODE_EXTRA_CA_CERTS=[your CA certificate file path]
cafile
configuration property that works similarly: npm config set cafile [your CA certificate file path]
node --use-openssl-ca
or if using env variable:
NODE_OPTIONS=--use-openssl-ca
/usr/local/share/ca-certificates/
and run update-ca-certificates
.
05 Dec 2024 06:23 PM
No luck still using both methods 😞
Does this need to be set at the system level? I have these env variables at the user level since I don't have admin privileges on my workstation