This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Article

Why server certificate check failing?

adham_sabry
Inactive

on ‎02 Nov 2022 07:45 AM

OneAgent is shipped with trusted Dynatrace SSL certificates, which are used to verify that OneAgent connects successfully to Dynatrace Server or ActiveGate.

 

If your environment uses a proxy (thereby requiring an update to the remote server's SSL certificate), then you may encounter a

Server certificate check failed

message during the initial connection check.

 

To resolve this issue, specify the trusted proxy certificate that is to be utilized by OneAgent. To do this, provide a copy of your proxy's SSL certificate as a file called custom.pem in the

/var/lib/dynatrace/oneagent/agent/customkeys

or

%PROGRAMDATA%\dynatrace\oneagent\agent\customkeys

directory. The file custom.pem should contain the proxy’s certificate along with any intermediate certificates as required.

Version history
Last update:
‎02 Nov 2022 07:45 AM
Updated by:
Comments
ChadTurner
DynaMight Legend
DynaMight Legend
‎10 Jan 2023 02:26 PM

@adham_sabry thank you for sharing this along with the location for both linux and windows AGs

Arjun123
Newcomer_
‎29 Feb 2024 05:43 PM

Hi Team, Can you please explain why the proxy certificate verification is mandatory. Is proxy certificate is required for all the below cases or only required for domain with http.

1. If the given proxy is domain like http://testproxy.com:8888
2. proxy domain https://testproxy.com:8888

3. proxy ip http://134.56.77.55:8888

4. Proxy ip https://134.56.77.55:8888 

In some cases proxy doesn’t provide ssl ca certificate. In that case what can I do. One agent simply through missing ca certificate. 

0 Kudos
Glionel1985
Observer
‎07 Mar 2024 04:19 PM

Good morning, I am having a similar problem, I have certificate errors, it is not possible for me to connect to AG. The server where the agent is is a redhat 7.9, which makes me a little desperate. This situation assumes there is no proxy.

 

Logs:

Certificate check failed with cainfo from { serverCAInfo: [/opt/dynatrace/oneagent/agent/conf/ruxitserverfull.pem, /var/lib/dynatrace/oneagent/agent/customkeys/custom.pem], proxyCAInfo: [] }
2024-03-04 15:44:40.822 UTC [000366a2] info [comm ] URL https://{environmentid}.live.dynatrace.com/communication not working (SSL certificate problem: unable to get local issuer certificate)
2024-03-04 15:44:41.093 UTC [000366a2] warning [comm ] Certificate check failed with cainfo from { serverCAInfo: [/opt/dynatrace/oneagent/agent/conf/ruxitserverfull.pem, /var/lib/dynatrace/oneagent/agent/customkeys/custom.pem], proxyCAInfo: [] }
2024-03-04 15:44:41.093 UTC [000366a2] info [comm ] URL https://{environmentid}.live.dynatrace.com/communication not working (SSL certificate problem: unable to get local issuer certificate)

0 Kudos