FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

HTTP Monitor - Problem with certificates (--insecure curl option)

carlos_ortega
Organizer

‎07 Apr 2022 02:51 PM - last edited on ‎11 Apr 2022 06:18 AM by Community Team

Using an HTTP Monitor to check the availability of an HTTPS URL, I receive an error in that monitor. Doing the curl command related to it (we are using a private location) we receive the following error:

 

* NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)
* Peer's certificate issuer has been marked as not trusted by the user.
* Closing connection 0
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.

 

If I use the --insecure option, I receive the proper result. However, I'm not able to see if I have to establish some option or configuration to have the same behavior in the HTTP monitor (similar to the --insecure option) in order to have the proper result. 

 

Can you help me to solve this situation, please?

 

Thanks,

Carlos

 

Labels:
0 Kudos
Reply
5 REPLIES 5

HannahM
Dynatrace Leader
Dynatrace Leader

‎07 Apr 2022 02:56 PM

Does the 'Accept any SSL certificate' option do what you want? https://www.dynatrace.com/support/help/how-to-use-dynatrace/synthetic-monitoring/http-monitors/confi...

0 Kudos
Reply

carlos_ortega
Organizer

‎07 Apr 2022 03:05 PM

Yes, That option is enabled.

 

carlos_ortega_0-1649340332706.png

thanks

0 Kudos
Reply

HannahM
Dynatrace Leader
Dynatrace Leader
In response to carlos_ortega

‎07 Apr 2022 03:30 PM

I'm not sure. What is the error you see in the HTTP monitor? Possibly this would be best looked at in a support ticket?

0 Kudos
Reply

DanielS
DynaMight Leader
DynaMight Leader

‎08 Apr 2022 03:04 PM

Another tip based in my experience. Check if you have a mediator in the middle like an F5 that exchanges the certificates. That could add some noise in the process.

The true delight is in the finding out rather than in the knowing.
0 Kudos
Reply

techean
Dynatrace Champion
Dynatrace Champion

‎13 Apr 2022 10:33 AM

Hey,

 

Which OS your source server is from where you are trying the curl option with insecure request?

Try importing the certs in the ca cert path of the OS directories and also java ca cert path for any java based app.

For windows you can simply download the certificate and install in the device.

This will solve this issue.

KG
0 Kudos
Reply
Ask a question