
SSL Certificate Monitoring Extension Limitation in Cloud Servers

AravindhanV
Contributor
 

Hello Community 💻,

I recently interacted with Dynatrace chat support and learned that the SSL Certificate Monitoring Extension is unable to discover certificates in servers deployed in cloud environments.

Has anyone else encountered this situation? If so, how have you addressed it? Additionally, is there any official documentation available that confirms this limitation or provides guidance for such scenarios?

Looking forward to your insights and suggestions!

Thank you!

aravind
2 REPLIES

ben_davidson
Dynatrace Helper

The Certificate Monitoring extension is able to detect certificates in three ways:

  1. Using data provided by the OneAgent, the extension can compile a list of listening ports on a host. The extension will then use this data to attempt to establish secure connections with those ports. If successful, the extension would then read the certificate data.
  2. On OneAgent equipped hosts running Windows, the extension can read the Windows Certificate Store and collect information on certificates it finds there.
  3. Using the extension deployed on an ActiveGate, users can provide a list of domain names. The extension will then attempt to connect and extract any available certificate data. 

Can you explain a bit more about your deployment? You mention that your servers are deployed in a cloud environment. Are these servers VMs running with a OneAgent? If so, the extension should be able to detect certificates present on those hosts.

If the servers are running in containers there is a limitation. The version of the OneAgent that runs in containerized environments lacks the Extension Execution Controller so the Extension cannot run in this scenario.
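
Methods 1 and 3 above both come down to opening a TLS connection to an endpoint and reading the certificate the server presents. That check in Python, as an added example (not Dynatrace's extension code and not part of the original replies); the host name, the `warn_days` threshold and the status labels are assumptions:

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns (not real data).
SAMPLE_CERT = {
    "subject": ((("commonName", "app.example.internal"),),),
    "subjectAltName": (("DNS", "app.example.internal"),),
    "notAfter": "Jun 15 12:00:00 2030 GMT",
}

def summarize_cert(cert, now=None):
    """Reduce a getpeercert() dict to the fields an expiry monitor needs."""
    now = now or datetime.now(timezone.utc)
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {"common_name": subject.get("commonName"), "sans": sans,
            "not_after": not_after, "days_left": (not_after - now).days}

def fetch_cert(host, port=443, timeout=5.0):
    """Open a verified TLS connection and return the peer certificate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def check_endpoints(endpoints, warn_days=30, fetch=fetch_cert, now=None):
    """Check each (host, port); `fetch` is injectable so the logic runs offline."""
    results = []
    for host, port in endpoints:
        try:
            info = summarize_cert(fetch(host, port), now)
            days = info["days_left"]
            info["status"] = ("expired" if days < 0
                              else "expiring" if days < warn_days else "ok")
        except ssl.SSLCertVerificationError as exc:
            # Untrusted, expired or mismatched cert: the handshake itself fails.
            info = {"status": "verify_failed", "error": str(exc)}
        except (OSError, KeyError, ValueError) as exc:
            info = {"status": "unreachable", "error": str(exc)}
        info["endpoint"] = f"{host}:{port}"
        results.append(info)
    return results

if __name__ == "__main__":
    for row in check_endpoints([("app.example.internal", 443)],
                               fetch=lambda host, port: SAMPLE_CERT):
        print(row)
```

Because `fetch_cert` verifies the chain, a certificate that has already expired surfaces as `verify_failed` during the handshake rather than as `expired`.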

Hi @ben_davidson

After the conversation with the support team, I understood that, as an OA deployed via an operator is immutable, it will not support running extensions. It should be a standalone OneAgent, and we got the statement "The OneAgent deployed via the Operator does not support extensions".

 

aravind
