15 Dec 2023 08:10 AM
Hi ,
I created a self signed certificate using
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout abc.pem -out abc.pem
I followed this command from https://docs.dynatrace.com/docs/managed-cluster/configuration/how-to-add-a-certificate-to-server-tru...
nohup <PRODUCT_PATH>/installer/reconfigure.sh --update-cert --network-proxy-cert-file <cert_file>.cer &
And I have encountered this issue.
2023-12-15 06:58:01 UTC SEVERE [<server,0x3>] [<platform>, LoggingThrowableHandler] VirtualMachineError in thread "main@main": java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext); taskInfo= ... Terminating Runtime with exit code=2
java.lang.InternalError: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.net.http/jdk.internal.net.http.HttpClientImpl.<init>(Unknown Source)
at java.net.http/jdk.internal.net.http.HttpClientImpl.create(Unknown Source)
at java.net.http/jdk.internal.net.http.HttpClientBuilderImpl.build(Unknown Source)
at java.net.http/java.net.http.HttpClient.newHttpClient(Unknown Source)
at com.dynatrace.sso.shared.api.idp.IdpUriSupplier.<init>(IdpUriSupplier.java:91)
at com.dynatrace.sso.shared.api.idp.IdpUriSupplier.newInstance(IdpUriSupplier.java:135)
at com.compuware.apm.server.core.api.ServerLifecycle.<init>(ServerLifecycle.java:878)
at com.compuware.apm.server.onprem.OnPremServerLifecycle.<init>(OnPremServerLifecycle.java:712)
at com.compuware.apm.server.onprem.OnPremServerStartup.lambda$main$0(OnPremServerStartup.java:29)
at com.compuware.apm.server.core.ServerStartup.commonMain(ServerStartup.java:34)
at com.compuware.apm.server.onprem.OnPremServerStartup.main(OnPremServerStartup.java:22)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.base/java.security.Provider$Service.newInstance(Unknown Source)
at java.base/sun.security.jca.GetInstance.getInstance(Unknown Source)
at java.base/sun.security.jca.GetInstance.getInstance(Unknown Source)
at java.base/javax.net.ssl.SSLContext.getInstance(Unknown Source)
at java.base/javax.net.ssl.SSLContext.getDefault(Unknown Source)
... 11 more
Caused by: java.security.KeyStoreException: problem accessing trust store
at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(Unknown Source)
at java.base/javax.net.ssl.TrustManagerFactory.init(Unknown Source)
at java.base/sun.security.ssl.SSLContextImpl$DefaultManagersHolder.getTrustManagers(Unknown Source)
at java.base/sun.security.ssl.SSLContextImpl$DefaultManagersHolder.<clinit>(Unknown Source)
at java.base/sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(Unknown Source)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.base/java.security.Provider.newInstanceUtil(Unknown Source)
... 16 more
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at java.base/sun.security.util.DerInputStream.getLength(Unknown Source)
at java.base/sun.security.util.DerValue.init(Unknown Source)
at java.base/sun.security.util.DerValue.<init>(Unknown Source)
at java.base/sun.security.util.DerValue.<init>(Unknown Source)
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(Unknown Source)
at java.base/java.security.KeyStore.load(Unknown Source)
at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(Unknown Source)
at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(Unknown Source)
at java.base/sun.security.ssl.TrustStoreManager.getTrustedCerts(Unknown Source)
... 26 more
Any ideas what I did wrong? Your help is very much appreciated 🙂
Best Regards,
Abner
Solved! Go to Solution.
15 Dec 2023 09:21 AM
Hello @abnerlusung
1. Get the .pem version of the certificate assigned to Proxy.
2. Run the reconfigure.sh command and it should complete without any errors:
nohup <PRODUCT_PATH>/installer/reconfigure.sh --update-cert --network-proxy-cert-file <cert_file>.pem &
3. Restart all the services (If needed)
Cheers!
RN
15 Dec 2023 10:29 AM
This is exactly what I did.
15 Dec 2023 10:37 AM
Did you receive similar message post execute reconfigure.sh
Error - 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte
18 Dec 2023 07:18 AM
Most likely you need to strip the PEM file to contain just the certifikacte (no private key, no other information, just everything between BEGIN CERTIFICATE and END CERTIFICATE, including those two lines).