Hello, We are getting the Certificate check failed in the ruxitagent_host log file while connecting to the Dynatrace live cluster during the OneAgent installation. We have already opened the 443 and 8443 ports. Telnet is successful on 443 but the telnet on port 8443 is not successful.
Below are the log lines in uxitagent_host log file:
2018-12-06 10:20:36.111 UTC [00001cc8] info [native] URL https://123abc.live.dynatrace.com:443/communication not working (SSL certificate problem: unable to get local issuer certificate) (occurred 63 times in the last 1h 0m 0s)
2018-12-06 10:21:35.369 UTC [000011c8] info [native] Removed file:C:/ProgramData/dynatrace/oneagent/log/process/ruxitagentproc_2018-11-22.log
2018-12-06 10:21:35.399 UTC [00001e74] info [native] suspicious: AutoUpdater: Failed to get new version: Not sent because last heartbeat failed.
2018-12-06 10:21:35.981 UTC [00001cc8] warning [native] Certificate check failed
What is the probable cause of this? and the possible resolution.
Solved! Go to Solution.
You need open port 8443.
It possible that your proxy/firewall server has self-signed (or non CA-signed) certificate. In that case you need to add that certificate to dynatrace truststore.
See https://www.dynatrace.com/support/help/deploy-dynatrace/managed/configuration/how-to-add-a-certificate-to-server-trust-store/ for details.
It was found that the the monitored server used proxy which was blocking the certificate negotiation between the Saas and Agent. For this network team added the bypass rule for certificate negotiation on the proxy server. After this agent got connected to SaaS cluster.