on 02 Nov 2022 07:45 AM
OneAgent is shipped with trusted Dynatrace SSL certificates, which are used to verify that OneAgent connects successfully to Dynatrace Server or ActiveGate.
If your environment uses a proxy (thereby requiring an update to the remote server's SSL certificate), then you may encounter a "Server certificate check failed" message during the initial connection check.
To resolve this issue, specify the trusted proxy certificate that is to be utilized by OneAgent. To do this, provide a copy of your proxy's SSL certificate as a file called custom.pem in the /var/lib/dynatrace/oneagent/agent/customkeys or %PROGRAMDATA%\dynatrace\oneagent\agent\customkeys directory. The file custom.pem should contain the proxy's certificate along with any intermediate certificates as required.
@adham_sabry Thank you for sharing this along with the location for both Linux and Windows AGs.
Hi Team, can you please explain why the proxy certificate verification is mandatory? Is the proxy certificate required for all the cases below, or only required for domain with http?
1. If the given proxy is domain like http://testproxy.com:8888
2. proxy domain https://testproxy.com:8888
3. proxy ip http://134.56.77.55:8888
4. Proxy ip https://134.56.77.55:8888
In some cases the proxy doesn't provide an SSL CA certificate. In that case, what can I do? OneAgent simply throws missing CA certificate.
Good morning, I am having a similar problem: I have certificate errors, and it is not possible for me to connect to AG. The server where the agent is is a Red Hat 7.9, which makes me a little desperate. This situation assumes there is no proxy.
Logs:
Certificate check failed with cainfo from { serverCAInfo: [/opt/dynatrace/oneagent/agent/conf/ruxitserverfull.pem, /var/lib/dynatrace/oneagent/agent/customkeys/custom.pem], proxyCAInfo: [] }
2024-03-04 15:44:40.822 UTC [000366a2] info [comm ] URL https://{environmentid}.live.dynatrace.com/communication not working (SSL certificate problem: unable to get local issuer certificate)
2024-03-04 15:44:41.093 UTC [000366a2] warning [comm ] Certificate check failed with cainfo from { serverCAInfo: [/opt/dynatrace/oneagent/agent/conf/ruxitserverfull.pem, /var/lib/dynatrace/oneagent/agent/customkeys/custom.pem], proxyCAInfo: [] }
2024-03-04 15:44:41.093 UTC [000366a2] info [comm ] URL https://{environmentid}.live.dynatrace.com/communication not working (SSL certificate problem: unable to get local issuer certificate)
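Added example, not part of the posts above and not Dynatrace code: a small triage script that reads log lines in the format quoted in the last post, pairs each "Certificate check failed with cainfo" message with the URL error that follows it, and counts the PEM certificate blocks in each listed CA file. The regular expressions are written against the lines shown in this thread only; the function names are hypothetical.

```python
import re
from pathlib import Path

# Constructed sample, in the same shape as the log lines quoted in the thread.
SAMPLE_LOG = """\
2024-03-04 15:44:41.093 UTC [000366a2] warning [comm ] Certificate check failed with cainfo from { serverCAInfo: [/opt/dynatrace/oneagent/agent/conf/ruxitserverfull.pem, /var/lib/dynatrace/oneagent/agent/customkeys/custom.pem], proxyCAInfo: [] }
2024-03-04 15:44:41.093 UTC [000366a2] info [comm ] URL https://{environmentid}.live.dynatrace.com/communication not working (SSL certificate problem: unable to get local issuer certificate)
"""

CAINFO_RE = re.compile(r"Certificate check failed with cainfo from \{ serverCAInfo: \[(.*?)\], proxyCAInfo: \[(.*?)\] \}")
URL_RE = re.compile(r"URL (\S+) not working \((.*)\)\s*$")
PEM_CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def _split(paths):
    return [p.strip() for p in paths.split(",") if p.strip()]

def count_pem_certs(path):
    """Return the number of PEM certificate blocks in a file, or None if unreadable."""
    try:
        return len(PEM_CERT_RE.findall(Path(path).read_text(errors="replace")))
    except OSError:
        return None

def analyze(log_text):
    """Pair each cainfo failure with the URL error that follows it; drop repeats."""
    findings, pending = [], None
    for line in log_text.splitlines():
        m, u = CAINFO_RE.search(line), URL_RE.search(line)
        if m:
            pending = (_split(m.group(1)), _split(m.group(2)))
        elif u and pending:
            f = {"url": u.group(1), "reason": u.group(2),
                 "server_ca": pending[0], "proxy_ca": pending[1]}
            if f not in findings:
                findings.append(f)
            pending = None
    return findings

def report(findings):
    # One block per distinct failure: the error, then every CA file that was consulted.
    out = []
    for f in findings:
        out.append(f"{f['url']}: {f['reason']}")
        out.append(f"  proxy CA files: {f['proxy_ca'] or 'none listed'}")
        for p in f["server_ca"]:
            n = count_pem_certs(p)
            out.append(f"  {p}: " + ("missing or unreadable" if n is None else f"{n} certificate block(s)"))
    return out

if __name__ == "__main__":
    print("\n".join(report(analyze(SAMPLE_LOG))))
```

"unable to get local issuer certificate" means the verifier could not find the issuer of a presented certificate in the CA files it consulted, so a listed file that is missing, or that holds fewer certificate blocks than the chain needs, is the first thing to check.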