
Certificate check failed while connecting Dynatrace SaaS cluster?

rswarnka
Helper

Hello, we are getting "Certificate check failed" in the ruxitagent_host log file while connecting to the Dynatrace live cluster during the OneAgent installation. We have already opened ports 443 and 8443. Telnet is successful on 443, but telnet on port 8443 is not successful.

Below are the log lines in the ruxitagent_host log file:

2018-12-06 10:20:36.111 UTC [00001cc8] info    [native] URL https://123abc.live.dynatrace.com:443/communication not working (SSL certificate problem: unable to get local issuer certificate) (occurred 63 times in the last 1h 0m 0s)
2018-12-06 10:21:35.369 UTC [000011c8] info [native] Removed file:C:/ProgramData/dynatrace/oneagent/log/process/ruxitagentproc_2018-11-22.log
2018-12-06 10:21:35.399 UTC [00001e74] info [native] suspicious: AutoUpdater: Failed to get new version: Not sent because last heartbeat failed.
2018-12-06 10:21:35.981 UTC [00001cc8] warning [native] Certificate check failed

What is the probable cause of this, and the possible resolution?


6 REPLIES

Hi,

You need to open port 8443.


  • For proper communication between OneAgent and the server, two-way communication is required on port 443 (updates, communication with the API)
  • OneAgent sends data to the server on port 8443; it does not open a listening port. Communication in the direction OneAgent -> Server is required

Radek


Hi Radoslaw, the network team has opened port 8443 as well, but no ACK packets are being seen. Are there certificate issues somewhere? Not sure, though.

Regards, Rajesh


It is possible that your proxy/firewall server has a self-signed (or non-CA-signed) certificate. In that case you need to add that certificate to the Dynatrace truststore.

See https://www.dynatrace.com/support/help/deploy-dynatrace/managed/configuration/how-to-add-a-certificate-to-server-trust-store/ for details.


rswarnka
Helper

It was found that the monitored server used a proxy which was blocking the certificate negotiation between the SaaS and the agent. To resolve this, the network team added a bypass rule for certificate negotiation on the proxy server. After this, the agent connected to the SaaS cluster.
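
Added example (not part of the original thread and not Dynatrace code): a small triage script for the log format quoted in the question, which separates certificate-validation failures from plain connectivity failures so that firewall ports and proxy TLS handling are investigated separately. The function name `triage`, the prefix-based classification and the third sample line are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Line layout copied from the log excerpt quoted in the question.
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} UTC \[[0-9a-f]+\]\s+"
    r"(?P<level>\w+)\s+\[native\]\s+(?P<msg>.*)$"
)
URL_RE = re.compile(
    r"^URL (?P<url>\S+) not working \((?P<reason>[^)]*)\)"
    r"(?: \(occurred (?P<count>\d+) times)?"
)


def triage(lines):
    """Count failures per (host, port), split into 'trust' and 'connectivity'.

    'trust': the peer's certificate chain was received but did not validate,
    so the TCP port is reachable and the presented chain is the problem
    (for example a proxy that interferes with or re-signs TLS traffic).
    'connectivity': any other reason; firewall rules are the first check.
    """
    stats = defaultdict(lambda: {"trust": 0, "connectivity": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        u = URL_RE.match(m.group("msg")) if m else None
        if not u:
            continue  # not a "URL ... not working" entry
        parts = urlsplit(u.group("url"))
        is_trust = u.group("reason").startswith("SSL certificate problem")
        kind = "trust" if is_trust else "connectivity"
        # Use the aggregated "occurred N times" count when the line has one.
        stats[(parts.hostname, parts.port or 443)][kind] += int(u.group("count") or 1)
    return dict(stats)


SAMPLE = [
    # The first two lines are from the question; the third is constructed.
    "2018-12-06 10:20:36.111 UTC [00001cc8] info    [native] URL https://123abc.live.dynatrace.com:443/communication not working (SSL certificate problem: unable to get local issuer certificate) (occurred 63 times in the last 1h 0m 0s)",
    "2018-12-06 10:21:35.981 UTC [00001cc8] warning [native] Certificate check failed",
    "2018-12-06 10:22:00.000 UTC [00001cc8] info [native] URL https://agent-endpoint.example:8443/communication not working (Connection timed out)",
]

if __name__ == "__main__":
    for (host, port), counts in triage(SAMPLE).items():
        print(host, port, counts)
```

For the lines in the question, every failure on port 443 lands in the `trust` bucket, which points at the certificate chain seen by the agent rather than at a closed port.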


Nice to know ;) Great

