This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
Dynatrace tips
Tips and workarounds from Dynatrace users for Dynatrace users.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSL Certificate Monitor extension add certificates to MZ

Go to solution
Mizső
DynaMight Guru
DynaMight Guru

‎21 Aug 2024 04:34 PM - last edited on ‎23 Aug 2024 09:28 AM by Community Team

Hi Folks,

Issue: If you use SSL Certificate Monitor plugin and your hosts or hostgroups are organized in MZ and you filter to your MZ on your hosts overview pages you can not see the certifiactes belong to the host or host's processes.

How to add certifiactes to the MZs? Organize your certificates configurations by host groups or MZ. Configuartion_label will be important in my case.

Mizs_0-1724253835144.png

Add your certifacte to the proper MZ with entity selector:

type(python:certificate_monitor_certificate),monitoring_config(YYYY) - Now I am using this. Configuration_label = monitoring_config (property of the certificate see below)

OR you can use other certificate properties:

type(python:certificate_monitor_certificate),port(5556)
type(python:certificate_monitor_certificate),subject_alt_name_1(weblogic)

 

You can check your certificate properites with the monitored etities API call with entity ID:

GET SaaS https://{your-environment-id}.live.dynatrace.com/api/v2/entities/{entityId}
Environment ActiveGateCluster ActiveGate https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/entities/{entityId}

 

Example response:

{
"entityId": "CUSTOM_DEVICE-5C8A7360EA322B7E",
"type": "python:certificate_monitor_certificate",
"displayName": "weblogic certificate on 5556",
"firstSeenTms": 1700783563328,
"lastSeenTms": 1723801132413,
"properties": {
"subject_alt_name_9": "",
"subject_alt_name_8": "",
"subject_alt_name_7": "",
"subject_alt_name_6": "",
"validity_not_before": "2022-11-17",
"subject_alt_name_5": "",
"host_port": "10.240.162.16:5556",
"subject_alt_name_4": "",
"monitoring_config": "YYYY",
"subject_alt_name_3": "",
"subject_alt_name_2": "",
"certificate_stage": "STAGE_0",
"subject_alt_name_1": "weblogic",
"source": "OneAgent",
"subject_common_name": "weblogic",
"host_att": "HOST-80742DFBF49E5399",
"issuer_org_name": "XXXXXXXXX",
"common_name": "weblogic",
"cert_lifecycle": "0: Greater than 30",
"issuer_common_name": "XXXXXXXXX",
"serial_number": "0xd024d027dd262333c96ced3808de619",
"port": "5556",
"subject_alt_name_10": "",
"subject_alt_name_11": "",
"subject_org_name": "XXXXXXXXX",
"validity_not_after": "2024-11-17"
},
"tags": [],
"managementZones": [],
"icon": {
"primaryIconType": "dynatrace",
"customIconPath": "certificate"
},
"fromRelationships": {
"runsOn": [
{
"id": "HOST-80742DFBF49E5399",
"type": "HOST"
}
],
"isChildOf": [
{
"id": "CUSTOM_DEVICE-6AD8A21A0BEE2345",
"type": "python:certificate_monitor"
}
],
"calls": [
{
"id": "PROCESS_GROUP_INSTANCE-7AFD523F463BE74E",
"type": "PROCESS_GROUP_INSTANCE"
}
]
}
}

I hope it helps.

Best regards,

Mizső

Dynatrace Community RockStar 2024, Certified Dynatrace Professional
Labels:
Reply
5 REPLIES 5

Go to solution
Daniël
Organizer

‎22 Aug 2024 06:37 AM

I encountered the same issue indeed. I'm using the MZ config: type("python:certificate_monitor_certificate"),fromRelationships.runsOn(type(HOST), Tag("AppA", "AppB"))

I use this one as I prefer the configuration to be generic and control all entities via autotagging. This way I know all configs on all different places in Dynatrace (MZ's, Dashboards, etc etc) will point to tagging and if something is wrong I can modify tagging which directly has it effects on all views.

Kind r egards,

Daan 

Reply

Go to solution
Mizső
DynaMight Guru
DynaMight Guru
In response to Daniël

‎22 Aug 2024 06:40 AM - edited ‎22 Aug 2024 07:53 AM

Hi @Daniël 

It is also a nice solution. Thanks for sharing it.

Best regards,

Mizső

Dynatrace Community RockStar 2024, Certified Dynatrace Professional
Reply

Go to solution
Sohel_Rashid
Newcomer_
In response to Daniël

‎29 Nov 2025 10:33 AM

Hi All,SSL Certificate Tagging.png

I’m trying to configure the SSL Certificate Monitor extension using Tag-based filtering.
However, when I select a specific tag, only one host appears, even though multiple hosts have the same tag assigned.

Issue:

  • Tag: SSL Certificate–IMPS: Web

  • Expected: Multiple hosts should show up (all hosts with this tag)

  • Actual: Only one host is displayed for selection 

Do we need to enable any additional settings for tag-wise host discovery in the SSL Certificate Monitor?

0 Kudos
Reply

Go to solution
Mizső
DynaMight Guru
DynaMight Guru
In response to Sohel_Rashid

‎30 Nov 2025 09:37 PM

Hi @Sohel_Rashid 

I would create a Management Zone for the tagged hosts and then in this extension configuration I would use the Management Zone tab for the configuration. In your example at the Host tab you can select only one host always, with the tag in this case you can only filter not select hosts.

Example MZ: Certificate.

Example Rule with Entiriy selectror: type("HOST"),tag("SSL Certificate–IMPS") 

I hope it helps. 

Best regards,

János

Dynatrace Community RockStar 2024, Certified Dynatrace Professional
Reply

Go to solution
Sohel_Rashid
Newcomer_
In response to Mizső

‎01 Dec 2025 07:20 AM

Hi János,

Thanks a lot for the clarification.

So, to confirm — I need to create a new Management Zone specifically for this use case. I already have an existing IMPS MZ, but I cannot use the rule:

type("HOST"), tag("SSL Certificate–IMPS")


inside that MZ because it would pull in all hosts with this tag, correct?

Just wanted to confirm that adding this rule inside the existing IMPS MZ will make all tagged hosts appear in that zone.

Thanks again for your support.

Regards,
Sohel

0 Kudos
Reply
Ask a question

Featured Posts