Re: How is the OneAgent <> ActiveGate <> Cluster Certificate Signed?

gchastne · ‎31 Jul 2024

In several documents there are references to the certificates used in the communication from OneAgent to/from ActiveGate to/from Cluster being "Dynatrace Supplied".

Are these certificates self-signed, or are they signed by the Let's Encrypt CA?

MaciejNeumann · ‎07 May 2025

Hello @gchastne,

Could you let us know which documentation articles mention this? I could ask the team to clarify this in the documentation itself.

If you have any questions about the Community, you can contact me at maciej.neumann@dynatrace.com

rodrigo_alvare1 · ‎20 May 2025

Hi,

Based on the docs:

"each cluster gets a dedicated web domain (subdomain of dynatrace-managed.com) and a trusted SSL certificate."
https://docs.dynatrace.com/managed/managed-cluster/installation/install-your-own-ssl-certificate

"If you allow Dynatrace to manage the domain and generate SSL certificates, then each Cluster ActiveGate with a public IP address will get a dedicated web domain (subdomain of dynatrace-managed.com) and a trusted SSL certificate."
https://docs.dynatrace.com/managed/managed-cluster/installation/install-your-own-ssl-certificate-clu...

So based on my experience an what I understand from the docs, the dynatrac managed cluster will use by default a Let's Encrypt certificate, also used for communication with the ActiveGates and agents.
You can opt-out of using this Let's encrypt certificate, at that point Dynatrace will provide a self-signed certificate. Instead of using that self signed certificate you can upload your own certificate
https://docs.dynatrace.com/managed/managed-cluster/installation/install-your-own-ssl-certificate

Regards