cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Error while creating custom app

username1
Participant

hello,

I am getting multiple errors while creating a custom app

Pl. help

C:\DTApps>node -e "fetch('https://{environmentid}.apps.dynatrace.com' could not be processed.
self-signed certificate in certificate chain
If you need further assistance visit the connectivity troubleshooting guide here: https://dt-url.net/c4jp0s12
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Terminate batch job (Y/N)? y

15 REPLIES 15

username1
Participant

any suggestions on this error please

haris
Dynatrace Helper
Dynatrace Helper

Hi username1,

 

Let's start with this:

  1. Can you confirm that you meet all the requirements here https://developer.dynatrace.com/reference/app-toolkit/#requirements?
  2. Can you also please share your app.config.json?
  3. Please send us the output of (please adjust the URL accordingly): 
    curl -s --ssl-no-revoke -w '\n%{certs}\n' https://abc12345.apps.dynatrace.com | findstr "Issuer"

 

It seems likely that it's an issue with certificates that are not from Dynatrace. You can try setting an environment variable NODE_EXTRA_CA_CERTS=C:/path/to/cert.pem where cert.pem is a file that contains the public certificates that you are injecting (or the certificate for the CA that created those certificates).

 

See: https://nodejs.org/api/cli.html

 

username1
Participant

Hi Haris,

Thanks for your response, here is the output of the curl cmd

username1_0-1731342508863.png

here is the app.config.json

username1_1-1731342594497.png

 

username1
Participant

I am able to start the local development server but unable to authenticate, I have set the environment variables as recommended above but still no luck

 

Error: SSO-URL for 'https://{environmentid}.apps.dynatrace.com' could not be processed.
self-signed certificate in certificate chain
If you need further assistance visit the connectivity troubleshooting guide here: https://dt-url.net/c4jp0s12
Error: Terminal interrupt signal

username1
Participant

here is the screenshot of error

 

username1_0-1731366304458.png

 

haris
Dynatrace Helper
Dynatrace Helper

Hi, can you please confirm you can make connections to the SSO (sso.dynatrace.com) and your own server from the machine? You can find examples here: https://developer.dynatrace.com/develop/troubleshoot/troubleshoot-connectivity/#connectivity-of-your...

 

If that works, please make sure Node.js also has connectivity: https://developer.dynatrace.com/develop/troubleshoot/troubleshoot-connectivity/#connectivity-of-node...

username1
Participant

Hi Haris, Firstly, many thanks for your persistent responses, much appreciated

I am successfully able to connect sso.dynatrace.com and my own DT instance as well, the outputs are same as shown in the troubleshooting document 

But I am unable to connect using Node.js, ending up with "Error: self-signed certificate in certificate chain" - here is the complete output of the cmds mentioned in the troubleshooting document please

 

C:\DTApps>npm ping
npm notice PING https://{environmentid}.apps.dynatrace.com/
HTTP/1.1 401 Unauthorized
date: Tue, 12 Nov 2024 09:52:06 GMT
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
pragma: no-cache
expires: 0
Connection: Keep-Alive
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 115
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 0
x-content-type-options: nosniff
dynatrace-response-source: API Gateway
strict-transport-security: max-age=31536000 ; includeSubDomains


C:\DTApps>curl -I https://{environmentid}.apps.dynatrace.com/platform/oauth2/authorization/dynatrace-sso
HTTP/1.1 302 Found
date: Tue, 12 Nov 2024 09:52:29 GMT
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
pragma: no-cache
expires: 0
location: https://{environmentid}.apps.dynatrace.com/platform/login/oauth2/code/dynatrace-sso&nonce=xxxxxxxxxx...
Connection: Keep-Alive
set-cookie: SESSION-prod3=xxxxxxxxxxxxxxxxxx; Path=/; Domain=apps.dynatrace.com; Secure; HTTPOnly; SameSite=Lax
cache-control: no-cache, no-store, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 0
x-content-type-options: nosniff
dynatrace-response-source: API Gateway
strict-transport-security: max-age=31536000 ; includeSubDomains


C:\DTApps>node -e "fetch('https://sso.dynatrace.com').then(console.log)"
node:internal/deps/undici/undici:13392
Error.captureStackTrace(err);
^

TypeError: fetch failed
at node:internal/deps/undici/undici:13392:13
at process.processTicksAndRejections (node:internal/process/task_queues:105:5) {
[cause]: Error: self-signed certificate in certificate chain
at TLSSocket.onConnectSecure (node:_tls_wrap:1679:34)
at TLSSocket.emit (node:events:518:28)
at TLSSocket._finishInit (node:_tls_wrap:1078:8)
at ssl.onhandshakedone (node:_tls_wrap:864:12) {
code: 'SELF_SIGNED_CERT_IN_CHAIN'
}
}

Node.js v22.11.0

haris
Dynatrace Helper
Dynatrace Helper

Hi,

thanks for the update. This shows an issue with connection, which should be covered here: https://developer.dynatrace.com/develop/troubleshoot/troubleshoot-connectivity/#connectivity-issues

Do you have any firewall or proxy in place? Also, can you run: 

openssl s_client -showcerts -connect sso.dynatrace.com:443 

 

It seems something is getting in the way and sends your self signed certificate back when you're accessing via Node. 

Have you tried exporting the certificate like:

export org CA cert resolved node connectivity issues
#CA CERT
export NODE_EXTRA_CA_CERTS=/Users/xxxxx/.ssh/org-proxy-chain.pem

username1
Participant

Hi Haris,

After having a Dynatrace provided certificate (.pem) and updating the npm config, I was successfully able to run/build the app, but I am unable to deploy it due to lack of permissions, do you know what permissions a user should have to deploy an app - thought, I would also be able to deploy it as I was able to run/build! but that's not the case

 

username1_0-1731480268953.png

 

haris
Dynatrace Helper
Dynatrace Helper

Hi there,

I'm glad to hear that you've solved the certificate issue. 

 

To deploy an app, you need the following permission: 

 

app-engine:apps:install

 


Can you confirm that your policy includes this permission in your user group? If not, please add it and retry.

 

 

username1
Participant

Many thanks for your persistent support Haris, much appreciated

haris
Dynatrace Helper
Dynatrace Helper

Happy that I could help you 🙂 

Feel free to contact us anytime in case you have more questions.

 

Kind regards, Haris

@haris I'm facing self signed cert errors when making an api call with the DT JS runtime. Do you know how to supply CA certs to the runtime? I haven't found a good way to do so:

calfano_0-1731527590001.png

 

 

haris
Dynatrace Helper
Dynatrace Helper

Hi calfano,

since that should be Node runtime, the above should still apply. Does this work for you?

$ export NODE_EXTRA_CA_CERTS=[your CA certificate file path]
Or 
The cafile configuration property that works similarly: npm config set cafile [your CA certificate file path] 

The main difference is that first one adds a cert, where the cafile replaces the certificates. So to add a CA to the chain, you use the first. It's also possible to specify command line to use a system CA store or CA cert like so:
node --use-openssl-ca

or if using env variable:

NODE_OPTIONS=--use-openssl-ca
and if using a self-signed CA cert, you would copy the CA file into the image under /usr/local/share/ca-certificates/ and run update-ca-certificates
 
I hope that helps. Let me know if it doesn't.

 



No luck still using both methods 😞 

Does this need to be set at the system level? I have these env variables at the user level since I don't have admin privileges on my workstation

Featured Posts