cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

DC RUM 2017 SSL Certificates

megan_scheffler
Newcomer

Hello,

In our implementation of DC RUM, the RUM Console and CAS are on the same server. Can I use the same SSL certificate for both sets of instructions?

https://www.dynatrace.com/support/doc/dcrum/data-privacy-and-security/configuration/configuring-ssl-...

https://www.dynatrace.com/support/doc/dcrum/data-privacy-and-security/configuration/configuring-ssl-...

Regards,
Megan


5 REPLIES 5

shubham_gupta21
Newcomer

Hello Megan -

If you implemented SSL certificate in RUM & CAS server then please let me know the process for CAS as in our case also both RUM & CAS are on the same server. We have already implemented SSL in RUM as per procedure given in above link @Megan S.

Regards,

Shubham


megan_scheffler
Newcomer

Hello Shubham,

I was able to use the same certificate for RUM & CAS. I followed the CAS documentation and used the keystore created during the RUM certificate install. These questions were also useful:

https://answers.dynatrace.com/spaces/160/open-q-a_2/questions/204559/dcrum-2017-cas-ssl-configuratio...

https://answers.dynatrace.com/spaces/160/open-q-a_2/questions/124898/dcrum-cas-ssl-configuration.htm...

Regards,
Megan


Hi Megan,

Thanks for your response This is very helpful.

Regards,
Shubham Gupta


Hi Shubham,

You're welcome. Please let me know if I can be of further assistance.

Regards,

Megan


fstekelenburg
DynaMight Pro
DynaMight Pro


Hi, as long as the CAS en Console are on the same server you can use the same certificates.



But I would like to suggest to look at SAN (SubjectAltName)/MultiDomainname while creating the CSR.

By extending the configuration with all the logical and technical FQDN hostnames and IP adresses in use, the SSL connection can be made to any of the possible servers on either IP, hostname or logical DNS name. Works similar to wild card certificates. You could also include the acceptance, or test hosts.



For this you can configure the openssl.properties file, typically in the folder C:\Program Files\Dynatrace\CAS\server\openssl.



An example of such an openssl.properties file:



HOME= .
RANDFILE=$ENV::HOME/.rnd
####################################################################
[ req_distinguished_name ]
C=Acmenia
ST=North Acme
L=Acme City
O=ACME
OU=APM
CN=ACME APM Team
emailAddress=apm@acme.acm
#commonName_max=64
[ req ]
distinguished_name=req_distinguished_name
string_mask=utf8only
prompt=no
req_extensions = v3_req
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = apm.acme.acm
DNS.2 = apm001.acme.acm
DNS.3 = apm002.acme.acm
DNS.4 = apm003.acme.acm
DNS.7 = apm-nam.acme.acm
DNS.8 = apm-esm.acme.acm
DNS.9 = apm-acc.acme.acm
DNS.10 = apm001-acc.acme.acm
DNS.11 = apm002-acc.acme.acm
DNS.12 = apm-nam-acc.acme.acm
DNS.13 = apm-esm-acc.acme.acm
DNS.14 = acmp10011.dc1.acme.acm
DNS.15 = acmp10012.dc1.acme.acm
DNS.16 = acmp10031.dc1.acme.acm
DNS.17 = acmp20051.dc1.acme.acm
DNS.18 = acmp20052.dc1.acme.acm
IP.1 = 10.11.10.11
IP.2 = 10.11.10.12
IP.3 = 10.11.10.31
IP.4 = 10.11.20.51
IP.5 = 10.11.20.51
#[SAN]
#subjectAltName=DNS:apm-acc.acme.acm,DNS:www.example.com