Hi Folks,

When developing the extension using the 'custom extension creator', the only remaining step is signing the extension. I always have difficulty resolving this.

Here are the key points to consider:

1. Certificates Usage:
- `Developer.pem` must be used when deploying the extension.
- `root.pem` must be kept in the directory `/var/lib/dynatrace/remotepluginmodule/agent/conf/certificates` on all servers.
- `root.pem` must also be added as a credential vault.

2. Certificate Details:
- All certificates are self-signed, not signed by any organization's certificate authority.

3. Non-Prod Environment:
- I deployed the extension successfully in the non-prod environment, and it works perfectly well.
- According to my understanding and confirmation from Dynatrace support, I can use the same certificate for both non-prod and prod environments.

4. Issue in Prod Environment:
- However, when I follow the same process in the prod environment, I encounter the following error:

Failed to assign monitoring configuration to ActiveGate.
Reason: Cannot extract extension from /var/lib/dynatrace/remotepluginmodule/agent/runtime/extensions/download/custom_extension: checking signature failed

4. Document followed:
- Sign extensions
- Sign extensions manually with OpenSSL

Troubleshooting:
I need help troubleshooting this issue and understanding the process in detail. Specifically, when deploying the extension, it checks the certificate (root.pem) added in the credential vault for extension validation. The deployment will be successful if both certificate signatures match. I am unsure what I might be doing wrong in the prod environment.

Any insights or suggestions would be greatly appreciated.

Thank you!
AK