Solved: Re: Getting certificate error while downloading the one agent .

supriya_kamble · ‎24 May 2017

WARNING: cannot verify gmi131.dynatrace-managed.com's certificate, issued by â/DC=in/DC=ratnakarbank/CN=ratnakarbank-MUNMVS0002-CAâ:
Self-signed certificate encountered.
Proxy request sent, awaiting response... 403 Forbidden
2017-05-24 19:36:58 ERROR 403: Forbidden.

Radoslaw_Szulgo · ‎24 May 2017

I suggest to contact with customer support.

Senior Product Manager,
Dynatrace Managed expert

jerry_lobenstei · ‎09 Oct 2017

I have seen this before:

The issue was the version of
openSSL that is installed on the customer’s machine. In many cases you
can replace “cms” with “smime”

wget https://dynatrace.com/dt-root.cert.pem
; ( echo e 'Content-Type: multipart/signed;
protocol="application/x-pkcs7-signature"; micalg="sha-256";
boundary="SIGNED-INSTALLER"\n\n---SIGNED-INSTALLER' ; cat
Dynatrace-OneAgent-Linux-1.117.255.sh ) | openssl smime -verify -CAfile
dt-root.cert.pem > /dev/null

chakravarthula1 · ‎02 Apr 2019

Hello Team,

We are facing same issue. What should the openSSL version be on customer machine?

Thanks,

Prathyusha

Julius_Loman · ‎03 Apr 2019

@Chakravarthula P. are you having issues with verifying the certificate using openssl? In the original question above it seems the proxy is doing content inspection (man in the middle), thus the responses are signed by another CA which the Dynatrace Managed server (or other component) does not trust as it is local. In this case you need to import your CA certificate (the one the responses from proxy are signed) to the appropriate trust store.

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner