
Dynatrace SaaS AWS, using EdgeConnect in corporate network over VPC Endpoint/private Link to Dynatrace Service Endpoint

mweber5
Visitor

Hello everyone,

we have a Dynatrace SaaS tenant in AWS and our corporate network is connected over a VPC endpoint/private link to the Dynatrace SaaS Service endpoint.

We now want to place an EdgeConnect in our corporate network and connect over that private link.

So we reach our tenant xyz12345.apps.dynatrace.com over the private link instead of the Internet.

The EdgeConnect should run in a container on an AWS EC2 instance with Red Hat 9 and podman installed.

 

But the container always exits when trying to connect to the Dynatrace tenant with "TLS error - hostname mismatch"

 

very simple edgeConnect.yaml:

name: my-edgeconnect
api_endpoint_host: xyz12345.apps.dynatrace.com
log_level: debug
oauth:
  client_id: dt0s10.xxxxxxxxx
  client_secret: dt0s10.xxxxxxxxxxxxxxxx
  resource: urn:dtenvironment:xyz12345
  endpoint: sso.dynatrace.com/sso/oauth2/token


error when trying to start the EdgeConnect container:

2025-11-27T08:59:36.260710854+0000 info [edge_connect::dt_oauth] OAuth 2.0 Client Credentials flow succeeded. Token with scope app-engine:edge-connects:connect expires in 300s
2025-11-27T08:59:36.270188903+0000 info [edge_connect::websocket::connection] Connection 1: Opening connection to wss://xyz12345.apps.dynatrace.com/platform/app-engine/edge-connect/v1/connect.
2025-11-27T08:59:36.365668392+0000 info [edge_connect::websocket::manager] Beginning shutdown (initial connection attempt failed)
2025-11-27T08:59:36.365704289+0000 error [edge_connect] Exiting due to error: Initial connection attempt failed: Error establishing connection: TLS error: native-tls error: error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1889: (hostname mismatch)


I assume that it depends on the certificate I get when connecting to Dynatrace over the private link.
Here the certificate for xyz12345.apps.dynatrace.com includes "*.live.dynatrace.com" which is different from the certificate when connecting over the Internet.


Server certificate
subject=C=US, ST=Massachusetts, L=Waltham, O=Dynatrace LLC, CN=*.live.dynatrace.com
issuer=C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1

 

(Connecting an EdgeConnect to our SaaS tenant directly over the Internet works without problems, but we need it in the corporate network over the private link.)

 

Has anybody managed to connect EdgeConnect over an AWS private link to Dynatrace SaaS?
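
The name check behind the "hostname mismatch" error above, as an added example that is not part of the original post and not Dynatrace code: it applies strict wildcard matching to the names quoted in the post. The SAN list, the function names and the `xyz12345.live.dynatrace.com` comparison host are assumptions made for illustration.

```python
"""Added example: strict wildcard hostname check against certificate names."""
import ipaddress


def _is_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate dNSName `pattern` covers `hostname`.

    Strict reading of RFC 6125 (an assumption; TLS libraries differ in
    details such as partial wildcards): comparison is case-insensitive,
    a wildcard counts only as the complete left-most label, and it stands
    for exactly one label, never for several.
    """
    if _is_ip(hostname):
        return False  # IP addresses are matched against iPAddress SANs only
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels to the right of the wildcard.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # this strict reading rejects partial wildcards
    return p_labels == h_labels


def covering_names(hostname: str, dns_names: list[str]) -> list[str]:
    """List the certificate names that would satisfy `hostname`."""
    return [n for n in dns_names if dns_name_matches(n, hostname)]


# Constructed input: the only name visible in the post is the subject CN;
# the certificate's SAN list is assumed to carry the same single entry.
PRIVATE_LINK_CERT_NAMES = ["*.live.dynatrace.com"]

if __name__ == "__main__":
    # The second host is constructed purely to show what the wildcard covers.
    for host in ("xyz12345.apps.dynatrace.com", "xyz12345.live.dynatrace.com"):
        hits = covering_names(host, PRIVATE_LINK_CERT_NAMES)
        print(f"{host}: {'covered by ' + ', '.join(hits) if hits else 'hostname mismatch'}")
```

The wildcard replaces only the left-most label, so the fixed `live.dynatrace.com` suffix never lines up with a name under `apps.dynatrace.com`, which is the condition the TLS client reports.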
