Solved: Error while creating custom app

hello,

I am getting multiple errors while creating a custom app

Pl. help

C:\DTApps>node -e "fetch('https://{environmentid}.apps.dynatrace.com' could not be processed.
self-signed certificate in certificate chain
If you need further assistance visit the connectivity troubleshooting guide here: https://dt-url.net/c4jp0s12
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Terminate batch job (Y/N)? y

18 REPLIES 18

any suggestions on this error please

Hi username1,

Let's start with this:

Can you confirm that you meet all the requirements here https://developer.dynatrace.com/reference/app-toolkit/#requirements?
Can you also please share your app.config.json?

Please send us the output of (please adjust the URL accordingly):

curl -s --ssl-no-revoke -w '\n%{certs}\n' https://abc12345.apps.dynatrace.com | findstr "Issuer"

It seems likely that it's an issue with certificates that are not from Dynatrace. You can try setting an environment variable NODE_EXTRA_CA_CERTS=C:/path/to/cert.pem where cert.pem is a file that contains the public certificates that you are injecting (or the certificate for the CA that created those certificates).

See: https://nodejs.org/api/cli.html

Hi Haris,

Thanks for your response, here is the output of the curl cmd

here is the app.config.json

I am able to start the local development server but unable to authenticate, I have set the environment variables as recommended above but still no luck

Error: SSO-URL for 'https://{environmentid}.apps.dynatrace.com' could not be processed.
self-signed certificate in certificate chain
If you need further assistance visit the connectivity troubleshooting guide here: https://dt-url.net/c4jp0s12
Error: Terminal interrupt signal

here is the screenshot of error

Hi, can you please confirm you can make connections to the SSO (sso.dynatrace.com) and your own server from the machine? You can find examples here: https://developer.dynatrace.com/develop/troubleshoot/troubleshoot-connectivity/#connectivity-of-your...

If that works, please make sure Node.js also has connectivity: https://developer.dynatrace.com/develop/troubleshoot/troubleshoot-connectivity/#connectivity-of-node...

Hi Haris, Firstly, many thanks for your persistent responses, much appreciated

I am successfully able to connect sso.dynatrace.com and my own DT instance as well, the outputs are same as shown in the troubleshooting document

But I am unable to connect using Node.js, ending up with "Error: self-signed certificate in certificate chain" - here is the complete output of the cmds mentioned in the troubleshooting document please

C:\DTApps>npm ping
npm notice PING https://{environmentid}.apps.dynatrace.com/
HTTP/1.1 401 Unauthorized
date: Tue, 12 Nov 2024 09:52:06 GMT
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
pragma: no-cache
expires: 0
Connection: Keep-Alive
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 115
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 0
x-content-type-options: nosniff
dynatrace-response-source: API Gateway
strict-transport-security: max-age=31536000 ; includeSubDomains

C:\DTApps>curl -I https://{environmentid}.apps.dynatrace.com/platform/oauth2/authorization/dynatrace-sso
HTTP/1.1 302 Found
date: Tue, 12 Nov 2024 09:52:29 GMT
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
pragma: no-cache
expires: 0
location: https://{environmentid}.apps.dynatrace.com/platform/login/oauth2/code/dynatrace-sso&nonce=xxxxxxxxxx...
Connection: Keep-Alive
set-cookie: SESSION-prod3=xxxxxxxxxxxxxxxxxx; Path=/; Domain=apps.dynatrace.com; Secure; HTTPOnly; SameSite=Lax
cache-control: no-cache, no-store, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 0
x-content-type-options: nosniff
dynatrace-response-source: API Gateway
strict-transport-security: max-age=31536000 ; includeSubDomains

C:\DTApps>node -e "fetch('https://sso.dynatrace.com').then(console.log)"
node:internal/deps/undici/undici:13392
Error.captureStackTrace(err);
^

TypeError: fetch failed
at node:internal/deps/undici/undici:13392:13
at process.processTicksAndRejections (node:internal/process/task_queues:105:5) {
[cause]: Error: self-signed certificate in certificate chain
at TLSSocket.onConnectSecure (node:_tls_wrap:1679:34)
at TLSSocket.emit (node:events:518:28)
at TLSSocket._finishInit (node:_tls_wrap:1078:8)
at ssl.onhandshakedone (node:_tls_wrap:864:12) {
code: 'SELF_SIGNED_CERT_IN_CHAIN'
}
}

Node.js v22.11.0

Hi,

thanks for the update. This shows an issue with connection, which should be covered here: https://developer.dynatrace.com/develop/troubleshoot/troubleshoot-connectivity/#connectivity-issues

Do you have any firewall or proxy in place? Also, can you run:

openssl s_client -showcerts -connect sso.dynatrace.com:443

It seems something is getting in the way and sends your self signed certificate back when you're accessing via Node.

Have you tried exporting the certificate like:

export org CA cert resolved node connectivity issues
#CA CERT
export NODE_EXTRA_CA_CERTS=/Users/xxxxx/.ssh/org-proxy-chain.pem

Hi Haris,

After having a Dynatrace provided certificate (.pem) and updating the npm config, I was successfully able to run/build the app, but I am unable to deploy it due to lack of permissions, do you know what permissions a user should have to deploy an app - thought, I would also be able to deploy it as I was able to run/build! but that's not the case

Hi there,

I'm glad to hear that you've solved the certificate issue.

To deploy an app, you need the following permission:

app-engine:apps:install

Can you confirm that your policy includes this permission in your user group? If not, please add it and retry.

Many thanks for your persistent support Haris, much appreciated

Happy that I could help you 🙂

Feel free to contact us anytime in case you have more questions.

Kind regards, Haris

@haris I'm facing self signed cert errors when making an api call with the DT JS runtime. Do you know how to supply CA certs to the runtime? I haven't found a good way to do so:

Hi calfano,

since that should be Node runtime, the above should still apply. Does this work for you?

$ export NODE_EXTRA_CA_CERTS=[your CA certificate file path]

Or
The cafile configuration property that works similarly: npm config set cafile [your CA certificate file path]

The main difference is that first one adds a cert, where the cafile replaces the certificates. So to add a CA to the chain, you use the first. It's also possible to specify command line to use a system CA store or CA cert like so:

node --use-openssl-ca

or if using env variable:

NODE_OPTIONS=--use-openssl-ca

No luck still using both methods 😞

Does this need to be set at the system level? I have these env variables at the user level since I don't have admin privileges on my workstation

Hi Calfano,

can you try with system-level variables?

Unfortunately, I'm not able to, my workstation is restricted such that I can't set system-level variables 😞

I'm sorry to hear that. Since it doesn't seem possible to do it with user-level variables, I'll let you know if anything changes.

Ask a question