
How to configure trusted root certificates on ActiveGate

MAkimov
Mentor

Hello

I have an issue adding Kubernetes cluster monitoring using the API.

I get this error:

id":"KUBERNETES_CLUSTER-97A6AE3DB6B8D47C","statusInfo":"SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target","statusInfos":{},"connectionState":"UNKNOWN_ERROR

I think this is due to the lack of a certificate on the ActiveGate

I tried to configure trusted root certificates on ActiveGate. I used the doc https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-activegate/configuration/co...

I followed the documentation but nothing happened.

1. Security gave me a certificate - open-shift-ca.crt

2. I put it to a location outside the /opt/dynatrace directory

3. Edited the launcheruserconfig.conf file

-vmargs -Djavax.net.ssl.trustStore=/etc/MyJavaStore/open-shift-ca.crt

4. Restarted ActiveGate

But now it is not connected to the cluster.

In the log I have this error:

Failed to send INITIAL_COLLECTOR_SETUP message (target-type=SERVER, target-id=2), uri=null - CommunicationException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available [Suppressing further messages for 10 minutes] [skipped logs: 414]



Any advice?


3 REPLIES

In such a case you should add the root to the cluster too, I think. I've never had a chance to check with the cert only on the AG. We always had to install certificates on both servers because of some internal requirements, and it works in such a case.

Sebastian


daniel_jelinski
Dynatrace Supporter

Hi, you need to merge the certificate with the Java-default ones like this:

cp /opt/dynatrace/jre/lib/security/cacerts /etc/MyJavaStore
keytool -import -keystore /etc/MyJavaStore/cacerts -storepass changeit -alias open-shift-ca -file /etc/MyJavaStore/open-shift-ca.crt

Then edit launcheruserconfig.conf file:

-vmargs
-Djavax.net.ssl.trustStore=/etc/MyJavaStore/cacerts

Then restart ActiveGate
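
Added example, not part of the thread and not Dynatrace tooling: `javax.net.ssl.trustStore` has to name a Java keystore (JKS or PKCS12), not a bare PEM certificate as in the original question. This sketch reads the setting from a launcher config and classifies the target file by its leading bytes. The function names are hypothetical, the byte check is a heuristic, and the demo file is constructed.

```shell
#!/bin/sh
# Added example: check what -Djavax.net.ssl.trustStore in a launcher config points to.
# Leading-byte heuristic only; it does not open or validate the keystore contents.

# Print the configured trustStore path (last uncommented occurrence wins).
truststore_path() {
    sed -n '/^[[:space:]]*#/d; s/.*-Djavax\.net\.ssl\.trustStore=\([^[:space:]]*\).*/\1/p' "$1" | tail -n 1
}

# Classify a file by its first 8 bytes.
store_kind() {
    [ -r "$1" ] || { echo missing; return; }
    hex=$(od -An -tx1 -N8 "$1" | tr -d '[:space:]')
    case "$hex" in
        feedfeed*)         echo jks ;;       # JKS magic number
        cececece*)         echo jceks ;;     # JCEKS magic number
        2d2d2d2d2d424547*) echo pem ;;       # ASCII "-----BEG"
        3082????020103*)   echo pkcs12 ;;    # SEQUENCE followed by INTEGER 3 (PFX version)
        3082????3082*)     echo der-cert ;;  # SEQUENCE followed by SEQUENCE (X.509)
        *)                 echo unknown ;;
    esac
}

# Exit status 0 if the configured trustStore looks like a keystore, 1 otherwise.
check_launcher_config() {
    path=$(truststore_path "$1")
    [ -n "$path" ] || { echo "no trustStore override in $1"; return 0; }
    kind=$(store_kind "$path")
    case "$kind" in
        jks|jceks|pkcs12) echo "ok: $path ($kind)"; return 0 ;;
        pem|der-cert) echo "bad: $path is a bare certificate ($kind), import it into a copy of cacerts"; return 1 ;;
        *) echo "bad: $path ($kind)"; return 1 ;;
    esac
}

# Without arguments, run on a constructed sample; otherwise check the given config file.
if [ $# -eq 0 ]; then
    demo=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$demo/ca.crt"   # constructed PEM header only
    printf '%s\n' "-vmargs -Djavax.net.ssl.trustStore=$demo/ca.crt" > "$demo/launcheruserconfig.conf"
    check_launcher_config "$demo/launcheruserconfig.conf" || true
    rm -rf "$demo"
else
    check_launcher_config "$1"
fi
```

After the import shown above, `keytool -list -keystore /etc/MyJavaStore/cacerts -storepass changeit -alias open-shift-ca` confirms that the entry is present in the merged store.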


Thank you!