This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to configure trusted root certificates on ActiveGate

Go to solution
MAkimov
Mentor

‎25 Sep 2019 02:42 PM - last edited on ‎10 Jul 2023 12:42 PM by DynaMight Pro

Hello

I have an issue adding Kubernetes Cluster monitoring using the API

I have this error

id":"KUBERNETES_CLUSTER-97A6AE3DB6B8D47C","statusInfo":"SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target","statusInfos":{},"connectionState":"UNKNOWN_ERROR

I think this is due to the lack of a certificate on the ActiveGate

I tried to configure trusted root certificates on ActiveGate. I use doc https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-activegate/configuration/co...

I followed the documentation but got nothing happened

1. security gave me a certificate - open-shift-ca.crt

2. I put it in a location outside the /opt/dynatrace directory

3. Edited the launcheruserconfig.conf file

-vmargs -Djavax.net.ssl.trustStore=/etc/MyJavaStore/open-shift-ca.crt

4. restart ActiveGate

But now it is not connected to Cluster.

in the log I have an error -

Failed to send INITIAL_COLLECTOR_SETUP message (target-type=SERVER, target-id=2), uri=null - CommunicationException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available [Suppressing further messages for 10 minutes] [skipped logs: 414]

 

 

Any advice?

 

0 Kudos
Reply
4 REPLIES 4

Go to solution
skrystosik
DynaMight Guru
DynaMight Guru

‎25 Sep 2019 08:56 PM

In such case you should add root to cluster too I think. I've never hade chance to check only cert on AG. Always we had to install certificates on both servers because of some internal requirements and it works in such case.

Sebastian


Regards, Sebastian
0 Kudos
Reply

Go to solution
daniel_jelinski
Inactive

‎27 Sep 2019 12:55 PM

Hi, you need to merge the certificate with the Java-default ones like this:

cp /opt/dynatrace/jre/lib/security/cacerts /etc/MyJavaStore
keytool -import -keystore /etc/MyJavaStore/cacerts -storepass changeit -alias open-shift-ca -file /etc/MyJavaStore/open-shift-ca.crt

Then edit launcheruserconfig.conf file:

-vmargs
-Djavax.net.ssl.trustStore=/etc/MyJavaStore/cacerts

Then restart ActiveGate


Reply

Go to solution
MAkimov
Mentor
In response to daniel_jelinski

‎27 Sep 2019 01:37 PM

Thank you!


0 Kudos
Reply

Go to solution
Lukasz_Halman
Dynatrace Helper
Dynatrace Helper

‎17 Jul 2023 09:27 AM - last edited on ‎18 Jul 2023 08:09 AM by Community Team

Information in the thread is outdated. Please follow official documentation https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-activegate/configuration/co...

0 Kudos
Ask a question

Reach out to product managers
Top