cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSL certificates for Integration

mrc15816
Helper

Hello, we are a Dynatrace managed customer and we are trying to better understand how the DT works in the integration space ex. Webhooks

We have our self-signed certs - enterprise level (sorry if I am not using the right terminology) loaded on the DT cluster, but when we try to establish communication with Webhooks system. We see an error in the server.0.0.log

"exception=SSLHandshakeException: sun.security.validator.ValidatorExpception:PKIX path building failed:.. sun.security.provider.certpath.SunCertPathBuilderException : unable to find valid certification path to requested target ..."

Webhook system has the proper enterprise level cert loaded and we believe it is on the DT side that the trust is not working to verify the cert presented by the Webhook system.

If you have run into similar issue what was your resolution and can you please share with us? We got some suggestions but our admin is not happy is messing with JRE\cacerts as these will be overwritten with new updates.

Thank you in advance!

3 REPLIES 3

sebastian_kryst
DynaMight Leader
DynaMight Leader

Only idea I have is because root cert on managed cluster

https://www.dynatrace.com/support/help/shortlink/managed-ssl#before-you-begin

For ActiveGate that is executing plugins that are asking https web services we had to provide root cert. without that it does not work properly. But there we had opposite situation, dynatrace cluster has default letr’s encrypt cert and called service had cert generated by organisation.

Sebastian

Thank you Sebastian! We have already uploaded our internal certs and the UI works like expected, but the SSL fails when we initiate a Webhooks session and our understanding was Dynatrace maintains another keystore/truststore. We were given 5 different locations and one of them is JRE and our admin has concerns about this directory.

mrc15816
Helper

The support has provided us a solution by uploading our chain certs to the store under server/conf - we were able to validate and confirm it is working as expected .