- Mark as New
- Subscribe to RSS Feed
- Permalink
‎25 Sep 2019
02:42 PM
- last edited on
‎10 Jul 2023
12:42 PM
by
fstekelenburg
Hello
I have an issue adding Kubernetes Cluster monitoring using the API
I have this error
id":"KUBERNETES_CLUSTER-97A6AE3DB6B8D47C","statusInfo":"SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target","statusInfos":{},"connectionState":"UNKNOWN_ERROR
I think this is due to the lack of a certificate on the ActiveGate
I tried to configure trusted root certificates on ActiveGate. I use doc https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-activegate/configuration/co...
I followed the documentation but got nothing happened
1. security gave me a certificate - open-shift-ca.crt
2. I put it in a location outside the /opt/dynatrace directory
3. Edited the launcheruserconfig.conf file
-vmargs -Djavax.net.ssl.trustStore=/etc/MyJavaStore/open-shift-ca.crt
4. restart ActiveGate
But now it is not connected to Cluster.
in the log I have an error -
Failed to send INITIAL_COLLECTOR_SETUP message (target-type=SERVER, target-id=2), uri=null - CommunicationException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available [Suppressing further messages for 10 minutes] [skipped logs: 414]
Any advice?
Solved! Go to Solution.
- Mark as New
- Subscribe to RSS Feed
- Permalink
‎25 Sep 2019 08:56 PM
In such case you should add root to cluster too I think. I've never hade chance to check only cert on AG. Always we had to install certificates on both servers because of some internal requirements and it works in such case.
Sebastian
- Mark as New
- Subscribe to RSS Feed
- Permalink
‎27 Sep 2019 12:55 PM
Hi, you need to merge the certificate with the Java-default ones like this:
cp /opt/dynatrace/jre/lib/security/cacerts /etc/MyJavaStore
keytool -import -keystore /etc/MyJavaStore/
cacerts -storepass changeit -alias open-shift-ca -file /etc/MyJavaStore/
open-shift-ca.crt
Then edit launcheruserconfig.conf
file:
-vmargs
-Djavax.net.ssl.trustStore=/etc/MyJavaStore/cacerts
Then restart ActiveGate
- Mark as New
- Subscribe to RSS Feed
- Permalink
‎17 Jul 2023
09:27 AM
- last edited on
‎18 Jul 2023
08:09 AM
by
MaciejNeumann
Information in the thread is outdated. Please follow official documentation https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-activegate/configuration/co...
