Showing results for 
Show  only  | Search instead for 
Did you mean: 

How does Dynatrace manage the default Activegate Certificates?

Dynatrace Participant
Dynatrace Participant

A couple of questions off the back of the subject:

- how does DT manage out of date AG certificates? doe they auto renew? (We're using the default AG cert)
- Does Dynatrace have a certificate validity check during install of the AG? 

Any further information on AG default certificates would be amazing, i can't seem to find much information in the official docs.


DynaMight Guru
DynaMight Guru


Dynatrace has an entry about Custom SSL certificate for ActiveGate but I cannot see answers for your questions.

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl

Dynatrace Participant
Dynatrace Participant

Yeah, we're not intending to use custom ssl certificates.

All i can see on the documentation is the following:

Connection to ActiveGate, from OneAgents or REST API, takes place over an encrypted HTTPS channel. ActiveGate presents a self-signed authentication certificate to all connecting clients. While OneAgent instances may ignore the validity of ActiveGate certificates (depending on configuration).

Yes, that's correct and default behaviour.

Dynatrace does not manage the certificates on ActiveGates, only provides you with methods to manage them. Either locally or also using API (preferred) or even certs can be setup during installation. By default, there is a self-signed certificate issued to * with a 10 year validity.

OneAgents can be configured so they connect only to trusted AG (trusted in means of certificate) and it's not by default.

For outgoing connections, AG uses its truststore.

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner

Dynatrace Contributor
Dynatrace Contributor

Hi @Julius_Loman ,

The default self-signed certificate is this enabled by default, or does the customer need to enable this certificate? 

After 10 years how the update will happen?

Thanks in advance!

Hi @Julius_Loman ,

do you have any documentation about the OneAgent configuration? We want to use our own certificates and not the self-signed ones. It only says that an agent "may ignore" the validity depending on the configuration (Custom SSL certificate for ActiveGate | Dynatrace Docs). But I can't find anything about this configuration (Customize OneAgent installation on Linux | Dynatrace Docs).

In our company we use .pem files with the public keys on the agents, but I can't find any more information about that either.

Featured Posts