cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dynatrace Managed certificate failure

jason_jenkinson
Contributor

Hi

I have deployed DynaTrace Managed and all goes well on install, however when launching the URL I see the following event.

SecurityException: Cannot register cluster with OPC: OPCFailedRequestException: request failed - SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target - https://opcsvc.ruxit.com/rest/public/v3.0/registr...

I have checked with our firewall team and they are stating it is an issue with the Root CA.

I don't have much coverage with linux but has anyone seen this issue before.

Thanks in advance

Jason


6 REPLIES 6

JamesKitson
Dynatrace Leader
Dynatrace Leader

Are you connecting to MC through a proxy?


Radoslaw_Szulgo
Dynatrace Leader
Dynatrace Leader

I'm investigating that. I'll keep you updated.


Technical Product Manager,
Dynatrace Managed expert

Radoslaw_Szulgo
Dynatrace Leader
Dynatrace Leader

Seems your proxy/firewall does not allow you to connect to https://mcsvc.dynatrace.com

nor as a fall back to https://opcsvc.ruxit.com


I bet your proxy/firewall server has self-signed (or non CA-signed) certificate. In that case you need to add that certificate to dynatrace truststore. See

https://www.dynatrace.com/support/help/installatio...

for details.


Technical Product Manager,
Dynatrace Managed expert

Hi Radoslaw,

I am facing same issue.

But During installation proxy worked I got connected message in putty

But for mission control connection it's showing this error.

Is it sufficient to include https://mcsvc.dynatrace.com. URL??

Please suggest.

 

Yes, as documentation states - mcsvc.dynatrace.com is sufficient to include. But if you have a proxy with a self-signed certificate you need to import that certificate into the keystore. This help page might help:

 

https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-managed/configuration/how-t...

 

Technical Product Manager,
Dynatrace Managed expert

Julius_Loman
Leader

It seems to me that your company is doing man-in-the-middle inspection for SSL/TLS traffic. If this is the case, adding the local company CA certificate to the server truststore will help, just as @Radoslaw S. suggests.