cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

DC RUM SSL keys deployment issue

rsharma374
Contributor

Hi, I am trying to deploy .pem certs for SSL decryption on AMD but seems key is not being recognized. Is there anything we could be missing?

Already added the .pem file in /usr/adlex/config/keys directory

Already added entry of keys in keylist file

Also attaching a snapshot of ssldecr status where it says keys not recognized as 2ssl-keys-not-recognised.png


2 REPLIES 2

Erik_Soderquist
Dynatrace Pro
Dynatrace Pro

That usually indicates a problem either with the key file itself or with the format of the keylist file.

keylist format errors can include spaces in the file that should not be present, Windows line termination (CR-LF) rather than *nix line termination (NL), and general typos like a misspelling/typo.

key file problems can include being encrypted without providing the decryption passphrase to KPA, Windows line termination (CR-LF) rather than *nix line termination (NL), and having the certificate rather than the key in the file.

-- Erik


chris_v
Dynatrace Pro
Dynatrace Pro

if you examine the key file with a text editor (or vi if you're on the AMD), it should look something like this:

----- BEGIN RSA PRIVATE KEY -----
lots of lines of text/numbers
----- END RSA PRIVATE KEY -----

If it doesn't look like that, it's not a format the AMD can use. If it says CERTIFICATE instead of PRIVATE KEY, you've got the wrong half of the key (the public half), I get this all the time, server admins always just export the certificate no matter how many times you say it needs to be the private key.

If the file has windows line ends instead of unix line ends vi will show it as each line having a control code "^r" (a two character code starting with a carret ^) at the end.