06 Nov 2024 03:11 PM - last edited on 12 Nov 2024 02:08 PM by MaciejNeumann
hello,
I am getting multiple errors while creating a custom app
Pl. help
C:\DTApps>node -e "fetch('https://{environmentid}.apps.dynatrace.com' could not be processed.
self-signed certificate in certificate chain
If you need further assistance visit the connectivity troubleshooting guide here: https://dt-url.net/c4jp0s12
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Error: Terminal interrupt signal
Terminate batch job (Y/N)? y
Solved! Go to Solution.
11 Nov 2024 12:13 PM
any suggestions on this error please
11 Nov 2024 12:34 PM
Hi username1,
Let's start with this:
curl -s --ssl-no-revoke -w '\n%{certs}\n' https://abc12345.apps.dynatrace.com | findstr "Issuer"
It seems likely that it's an issue with certificates that are not from Dynatrace. You can try setting an environment variable NODE_EXTRA_CA_CERTS=C:/path/to/cert.pem
where cert.pem
is a file that contains the public certificates that you are injecting (or the certificate for the CA that created those certificates).
See: https://nodejs.org/api/cli.html
11 Nov 2024 04:30 PM
Hi Haris,
Thanks for your response, here is the output of the curl cmd
here is the app.config.json
11 Nov 2024 11:00 PM
I am able to start the local development server but unable to authenticate, I have set the environment variables as recommended above but still no luck
Error: SSO-URL for 'https://{environmentid}.apps.dynatrace.com' could not be processed.
self-signed certificate in certificate chain
If you need further assistance visit the connectivity troubleshooting guide here: https://dt-url.net/c4jp0s12
Error: Terminal interrupt signal
11 Nov 2024 11:05 PM
here is the screenshot of error
12 Nov 2024 09:18 AM - edited 12 Nov 2024 09:19 AM
Hi, can you please confirm you can make connections to the SSO (sso.dynatrace.com) and your own server from the machine? You can find examples here: https://developer.dynatrace.com/develop/troubleshoot/troubleshoot-connectivity/#connectivity-of-your...
If that works, please make sure Node.js also has connectivity: https://developer.dynatrace.com/develop/troubleshoot/troubleshoot-connectivity/#connectivity-of-node...
12 Nov 2024 10:02 AM
Hi Haris, Firstly, many thanks for your persistent responses, much appreciated
I am successfully able to connect sso.dynatrace.com and my own DT instance as well, the outputs are same as shown in the troubleshooting document
But I am unable to connect using Node.js, ending up with "Error: self-signed certificate in certificate chain" - here is the complete output of the cmds mentioned in the troubleshooting document please
C:\DTApps>npm ping
npm notice PING https://{environmentid}.apps.dynatrace.com/
HTTP/1.1 401 Unauthorized
date: Tue, 12 Nov 2024 09:52:06 GMT
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
pragma: no-cache
expires: 0
Connection: Keep-Alive
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 115
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 0
x-content-type-options: nosniff
dynatrace-response-source: API Gateway
strict-transport-security: max-age=31536000 ; includeSubDomains
C:\DTApps>curl -I https://{environmentid}.apps.dynatrace.com/platform/oauth2/authorization/dynatrace-sso
HTTP/1.1 302 Found
date: Tue, 12 Nov 2024 09:52:29 GMT
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
pragma: no-cache
expires: 0
location: https://{environmentid}.apps.dynatrace.com/platform/login/oauth2/code/dynatrace-sso&nonce=xxxxxxxxxx...
Connection: Keep-Alive
set-cookie: SESSION-prod3=xxxxxxxxxxxxxxxxxx; Path=/; Domain=apps.dynatrace.com; Secure; HTTPOnly; SameSite=Lax
cache-control: no-cache, no-store, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 0
x-content-type-options: nosniff
dynatrace-response-source: API Gateway
strict-transport-security: max-age=31536000 ; includeSubDomains
C:\DTApps>node -e "fetch('https://sso.dynatrace.com').then(console.log)"
node:internal/deps/undici/undici:13392
Error.captureStackTrace(err);
^
TypeError: fetch failed
at node:internal/deps/undici/undici:13392:13
at process.processTicksAndRejections (node:internal/process/task_queues:105:5) {
[cause]: Error: self-signed certificate in certificate chain
at TLSSocket.onConnectSecure (node:_tls_wrap:1679:34)
at TLSSocket.emit (node:events:518:28)
at TLSSocket._finishInit (node:_tls_wrap:1078:8)
at ssl.onhandshakedone (node:_tls_wrap:864:12) {
code: 'SELF_SIGNED_CERT_IN_CHAIN'
}
}
Node.js v22.11.0
12 Nov 2024 10:43 AM
Hi,
thanks for the update. This shows an issue with connection, which should be covered here: https://developer.dynatrace.com/develop/troubleshoot/troubleshoot-connectivity/#connectivity-issues
Do you have any firewall or proxy in place? Also, can you run:
openssl s_client -showcerts -connect sso.dynatrace.com:443
It seems something is getting in the way and sends your self signed certificate back when you're accessing via Node.
Have you tried exporting the certificate like:
export org CA cert resolved node connectivity issues
#CA CERT
export NODE_EXTRA_CA_CERTS=/Users/xxxxx/.ssh/org-proxy-chain.pem
13 Nov 2024 06:46 AM
Hi Haris,
After having a Dynatrace provided certificate (.pem) and updating the npm config, I was successfully able to run/build the app, but I am unable to deploy it due to lack of permissions, do you know what permissions a user should have to deploy an app - thought, I would also be able to deploy it as I was able to run/build! but that's not the case
13 Nov 2024 01:30 PM - edited 13 Nov 2024 01:31 PM
Hi there,
I'm glad to hear that you've solved the certificate issue.
To deploy an app, you need the following permission:
app-engine:apps:install
Can you confirm that your policy includes this permission in your user group? If not, please add it and retry.
13 Nov 2024 03:17 PM
Many thanks for your persistent support Haris, much appreciated
13 Nov 2024 06:18 PM
Happy that I could help you 🙂
Feel free to contact us anytime in case you have more questions.
Kind regards, Haris
13 Nov 2024 07:53 PM
@haris I'm facing self signed cert errors when making an api call with the DT JS runtime. Do you know how to supply CA certs to the runtime? I haven't found a good way to do so:
21 Nov 2024 02:19 PM
Hi calfano,
since that should be Node runtime, the above should still apply. Does this work for you?
$ export NODE_EXTRA_CA_CERTS=[your CA certificate file path]
cafile
configuration property that works similarly: npm config set cafile [your CA certificate file path]
node --use-openssl-ca
or if using env variable:
NODE_OPTIONS=--use-openssl-ca
/usr/local/share/ca-certificates/
and run update-ca-certificates
.
05 Dec 2024 06:23 PM
No luck still using both methods 😞
Does this need to be set at the system level? I have these env variables at the user level since I don't have admin privileges on my workstation
17 Dec 2024 08:43 AM
Hi Calfano,
can you try with system-level variables?
19 Dec 2024 08:36 PM
Unfortunately, I'm not able to, my workstation is restricted such that I can't set system-level variables 😞
23 Dec 2024 02:08 PM
I'm sorry to hear that. Since it doesn't seem possible to do it with user-level variables, I'll let you know if anything changes.
10 Jan 2025 11:46 AM
Hello @calfano
I've got this same issue as my laptop is behind a company proxy and has custom certificates.
One thing that you could do is downloading the certificate from the tenant you're trying to run it from, and adding it to your machine globally.
To download the certificate you can open the Dev Tools in Chrome -> Security -> View Certificate -> Details -> Export
You can save it as a Base64 certificate and ensure that the file ends with a .crt extension, then on Windows it's as easy as to double click it, and install it.
An alternative but not recommended method is to set the Enviroment Variable "NODE_TLS_REJECT_UNAUTHORIZED" to the value "0", but take into account that this option is a security risk and your systems people will not be happy about it.
Hope this helps!
13 Jan 2025 07:20 PM
hey @archem, still no luck following your instructions. I've tried both the import certificates and setting the environment variable to 0 😞