cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How do I set the SSL certificate for a Public Security Gateway?

alejandro_herna
Organizer

I installed a Puiblic Security Gateway with the option no check for certificate. When I tested the URL connection to the Security Gateway in the Manageg cluster I got "There were some SSL certificate problems detected, they need to be fixed to enable agentless monitoring". I installed de Gateway to monitor Android and IOS apps. How do I set the SSL certificate?

4 REPLIES 4

krystian_kowals
Newcomer

There are two ways to accomplish that and it really depends whether you prefer to have your own certificate or simply let Dynatrace Managed to fetch one for you (using Let's Encrypt certificate authority). It can be accomplished with Dynatrace Managed using Cluster Management environment. If you have your own valid certificate you can simply go to Cluster Management Home screen, click on Public Managed Security Gateway and at the bottom you'll find "Security gateway SSL certificate" panel with "Edit SSL certificate" button. If you want Dynatrace Managed to fetch certificate for you on the same page you need to assure that "Publicly available IP address" is populated and than please navigate to the Setting>Public endpoints page where you need to enable "Enable management of domain name and SSL certificates". In both cases after a few minutes new certificate should be applied.

Thank you!

Since managed already uses Lets Encrypt, is it then possible to use custom domain?

From what I can understand, it should really be a case of altering a couple of parameters and possibly saving an authentication key.


krystian_kowals
Newcomer

It is not only that Dynatrace Managed uses Let's Encrypt certificates. We automate process of issuing and renewing the certificate for the fully qualified domain name (FQDN) and in oder to achive that we create in DNS entry for the cluster. Thus to answer the question - somehow we are using "custom domain" but it is randomly generated name in *.dynatrace-managed.com domain that we are managing. For now there is no way the customer can configure that name on the cluster side.