20 Oct 2024 09:08 PM
When developing custom extensions, we have to upload the root cert CA to the root.pem file, in your AG, according to:
https://docs.dynatrace.com/docs/extend-dynatrace/extensions20/sign-extension
Has anyone experienced or had the need to have more than one root CA, for two sets of developers? Do these files and Dynatrace support multiple root CAs in the file?
20 Oct 2024 09:13 PM
Use a single CA and generate certificates for individual developers. You upload the root CA cert only to Environment/AG/OA. But you will have to generate the certs manually (do not autogenerate them in vscode).
20 Oct 2024 09:20 PM
As long as you name the files differently, you can have several certificates in the folder. That being said, I recommend doing what Julius said, though, for simplicity’s sake when you onboard new developers.
20 Oct 2024 09:50 PM
Does that mean that I can have a root.pem, root1.pem, etc. in the same directory?
BTW, the use case is a client where two organizations are developing, both us & the client. And I can also see other custom extensions eventually in the future.
20 Oct 2024 10:15 PM
We load in any certificate in that folder, no matter the name.
21 Oct 2024 10:19 AM - edited 21 Oct 2024 10:23 AM
Hi Antonio,
You can have several root certificates uploaded in the certificate folder; however, that may defeat the benefits of signing extensions in the first place.
If you want to ensure that only your trusted developers are able to upload extensions, please consider the following:
Detailed sketch of how Extensions 2.0 are validated and run.
Example of how additional security is being added to different systems using several intermediate CAs in a domain. Please ignore "script 2" in the sketch, as an extension cannot be signed by multiple signers (yet).
Let me know if the figures attached will help you determine what the best course of action will be for your environment.
Good luck!
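
Added example (not part of the thread and not Dynatrace's code): plain X.509 chain checking with the openssl CLI, showing the single-root approach recommended above and what changes once a second root is trusted. All names are constructed, and the concatenated bundle is an assumption standing in for the set of certificates loaded from the folder; the certificate fields Dynatrace itself requires are not reproduced here.

```shell
#!/bin/sh
# Constructed demo: CA names, developer names and file names are made up.
# Requires the openssl CLI; everything is written to a throwaway directory.
work=$(mktemp -d) && cd "$work" || exit 1

# Minimal config so the root certificates are marked as CAs explicitly.
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

make_root() {        # $1 = CA name; writes $1.key and self-signed $1.pem
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes \
        -keyout "$1.key" -out "$1.pem" -days 3650 -subj "/CN=$1" 2>/dev/null
}

issue_dev_cert() {   # $1 = issuing CA name, $2 = developer name
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
        -keyout "$2.key" -out "$2.csr" -subj "/CN=$2" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 365 -out "$2.pem" 2>/dev/null
}

trusted() {          # $1 = bundle of trusted roots, $2 = certificate to check
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    then echo yes; else echo no; fi
}

# One root for the organization, one certificate per developer.
make_root org_root
issue_dev_cert org_root dev_alice
issue_dev_cert org_root dev_bob

# A second, independent root (for example, another organization's CA).
make_root other_root
issue_dev_cert other_root dev_carol

cat org_root.pem > one_root.pem                   # trust store: single root
cat org_root.pem other_root.pem > two_roots.pem   # trust store: both roots

echo "alice, one root:  $(trusted one_root.pem dev_alice.pem)"
echo "bob,   one root:  $(trusted one_root.pem dev_bob.pem)"
echo "carol, one root:  $(trusted one_root.pem dev_carol.pem)"
echo "carol, two roots: $(trusted two_roots.pem dev_carol.pem)"
```

With one root, onboarding a developer only means issuing another certificate; every extra root added to the trust store extends trust to everything that CA has signed or will sign.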