cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
adham_sabry
Community Team
Community Team

OneAgent is shipped with trusted Dynatrace SSL certificates, which are used to verify that OneAgent connects successfully to Dynatrace Server or ActiveGate.

 

If your environment uses a proxy (thereby requiring an update to the remote server's SSL certificate), then you may encounter a

Server certificate check failed

message during the initial connection check.

 

To resolve this issue, specify the trusted proxy certificate that is to be utilized by OneAgent. To do this, provide a copy of your proxy's SSL certificate as a file called custom.pem in the

/var/lib/dynatrace/oneagent/agent/customkeys

or

%PROGRAMDATA%\dynatrace\oneagent\agent\customkeys

directory. The file custom.pem should contain the proxy’s certificate along with any intermediate certificates as required.

Version history
Last update:
‎02 Nov 2022 07:45 AM
Updated by:
Comments
ChadTurner
DynaMight Legend
DynaMight Legend

@adham_sabry thank you for sharing this along with the location for both linux and windows AGs

Arjun123
Newcomer_

Hi Team, Can you please explain why the proxy certificate verification is mandatory. Is proxy certificate is required for all the below cases or only required for domain with http.

1. If the given proxy is domain like http://testproxy.com:8888
2. proxy domain https://testproxy.com:8888

3. proxy ip http://134.56.77.55:8888

4. Proxy ip https://134.56.77.55:8888 

In some cases proxy doesn’t provide ssl ca certificate. In that case what can I do. One agent simply through missing ca certificate. 

Glionel1985
Observer

Good morning, I am having a similar problem, I have certificate errors, it is not possible for me to connect to AG. The server where the agent is is a redhat 7.9, which makes me a little desperate. This situation assumes there is no proxy.

 

Logs:

Certificate check failed with cainfo from { serverCAInfo: [/opt/dynatrace/oneagent/agent/conf/ruxitserverfull.pem, /var/lib/dynatrace/oneagent/agent/customkeys/custom.pem], proxyCAInfo: [] }
2024-03-04 15:44:40.822 UTC [000366a2] info [comm ] URL https://{environmentid}.live.dynatrace.com/communication not working (SSL certificate problem: unable to get local issuer certificate)
2024-03-04 15:44:41.093 UTC [000366a2] warning [comm ] Certificate check failed with cainfo from { serverCAInfo: [/opt/dynatrace/oneagent/agent/conf/ruxitserverfull.pem, /var/lib/dynatrace/oneagent/agent/customkeys/custom.pem], proxyCAInfo: [] }
2024-03-04 15:44:41.093 UTC [000366a2] info [comm ] URL https://{environmentid}.live.dynatrace.com/communication not working (SSL certificate problem: unable to get local issuer certificate)