Hi,
we want to use our own certificate for the dynaTrace Server website. I found the description Configure SSL Communication#HowtoCreateaCustomKeystore and tried to make it like this, but it seems that I have overlooked something.
We created our own .jks file and added the following lines in the dtserver.ini:
-Dcom.dynatrace.diagnostics.communication.sslkeystorepassword=
-Dcom.dynatrace.diagnostics.web.ssl.keystore=conf/customkeystore.jks
-Dcom.dynatrace.diagnostics.web.ssl.password=
-Dcom.dynatrace.diagnostics.web.ssl.keypassword=
When I restart the server, I can't connect and the logs give me the following errors:
WARNING [CommunicationLayerUtils] error while initializing ssl environment: Keystore was tampered with, or password was incorrect: com.dynatrace.diagnostics.server.communication.CommunicationLayerUtils startSSLEnvironment:40
java.io.IOException: Keystore was tampered with, or password was incorrect
WARNING [ServerClientPassiveCommunication] Error while initializing server communication!: com.dynatrace.diagnostics.server.communication.ServerClientPassiveCommunication a:116
com.dynatrace.diagnostics.communication.tcp.exception.CommunicationException: unable to initialize server-socket DefaultServerSocketHandler-localhost:2031:SSL
WARNING [ServerCommunicationLayer] error while initializing collector communication layer!: com.dynatrace.diagnostics.server.ServerCommunicationLayer startInternal:137
com.dynatrace.diagnostics.communication.tcp.exception.CommunicationException: unable to initialize server-socket DefaultServerSocketHandler-*:6699:SSL
I was a bit surprised that the communication between collector and server is also affected...
So I tried the same parameters in the dtfrontendserver.ini, but there they are just ignored....
Did I make a mistake in the configuration, or is it really the keystore which is corrupted? Will the SSL key be used for the whole dynaTrace communication or just for the website?
Hope someone has an idea.
Regards,
Jan
Answer by Jan-Hendrik W. ·
Thank you for the hint. After disabling this option, I was able to concentrate on the real error:
Our admins created a keystore with a different password and keypassword.
Now it works.
Regards,
Jan
Answer by Dominik S. ·
Try without the "com.dynatrace.diagnostics.communication.sslkeystorepassword" as this is not needed for the keystore for the web pages, but rather configures a different password for the keystore loaded for the SSL communication between Server and Collector and thus causes the error messages that you are seeing.
Seems the docu-page is a bit misleading here as the entry about generating the keystore applies for both cases, but does not state so in the last paragraph.
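On the question of whether the keystore is corrupted or the password is wrong: a JKS file ends in a SHA-1 digest computed over the store password and the file contents, and Java raises "Keystore was tampered with, or password was incorrect" whenever that digest does not match, so both causes look identical. The following is an added example, not part of the thread and not Dynatrace code; the function names and the constructed empty keystore are assumptions for illustration, and the per-entry key password is a separate check that this does not cover.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
JKS_SALT = b"Mighty Aphrodite"  # fixed string mixed into the JKS integrity hash
DIGEST_LEN = 20                 # SHA-1 trailer at the end of every JKS file


def _integrity_digest(password: str, body: bytes) -> bytes:
    # Java hashes each password char as two big-endian bytes, then the salt,
    # then everything in the file that precedes the trailer.
    return hashlib.sha1(password.encode("utf-16-be") + JKS_SALT + body).digest()


def make_empty_jks(password: str) -> bytes:
    """Constructed sample: a version-2 JKS with zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + _integrity_digest(password, body)


def check_store_password(data: bytes, password: str) -> str:
    """Return 'ok', 'not-jks' or 'tampered-or-wrong-password'."""
    if len(data) < 12 + DIGEST_LEN:
        return "not-jks"
    if struct.unpack(">I", data[:4])[0] != JKS_MAGIC:
        return "not-jks"
    body, stored = data[:-DIGEST_LEN], data[-DIGEST_LEN:]
    if hmac.compare_digest(_integrity_digest(password, body), stored):
        return "ok"
    # A wrong password and a modified file are indistinguishable here,
    # which is why the Java error message names both.
    return "tampered-or-wrong-password"


if __name__ == "__main__":
    store = make_empty_jks("store-secret")       # constructed sample password
    damaged = bytearray(store)
    damaged[11] ^= 0x01                          # flip one bit in the entry count
    print(check_store_password(store, "store-secret"))
    print(check_store_password(store, "key-secret"))
    print(check_store_password(bytes(damaged), "store-secret"))
```

To run it against a real file, read the file in binary mode and pass the bytes to check_store_password together with the store password.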