• Forums
    • Public Forums
      • Community Connect
      • Dynatrace
        • Dynatrace Open Q&A
      • Application Monitoring & UEM
        • AppMon & UEM Open Q&A
      • Network Application Monitoring
        • NAM Open Q&A
        • Enterprise Synthetic Monitoring
      • Synthetic Classic
        • Synthetic Classic Open Q&A
  • Home /
  • Public Forums /
  • Application Monitoring & UEM /
  • AppMon & UEM Open Q&A /
avatar image
Question by Jan-Hendrik W. · Oct 16, 2014 at 07:06 PM ·

Questions for SSL configuration

Hi,

we want to use our own Certificate for the dynaTrace Server Website. I found the description Configure SSL Communication#HowtoCreateaCustomKeystore and tried to make it like this, but it seems that I have overseen something.

We created our own .jks-File and added following lines in the dtserver.ini

-Dcom.dynatrace.diagnostics.communication.sslkeystorepassword=
-Dcom.dynatrace.diagnostics.web.ssl.keystore=conf/customkeystore.jks
-Dcom.dynatrace.diagnostics.web.ssl.password=
-Dcom.dynatrace.diagnostics.web.ssl.keypassword=

 

When I restart the server, I can't connect and the logs give me following errors

WARNING [CommunicationLayerUtils] error while initializing ssl environment: Keystore was tampered with, or password was incorrect: com.dynatrace.diagnostics.server.communication.CommunicationLayerUtils startSSLEnvironment:40
java.io.IOException: Keystore was tampered with, or password was incorrect

WARNING [ServerClientPassiveCommunication] Error while initializing server communication!: com.dynatrace.diagnostics.server.communication.ServerClientPassiveCommunication a:116
com.dynatrace.diagnostics.communication.tcp.exception.CommunicationException: unable to initialize server-socket DefaultServerSocketHandler-localhost:2031:SSL

WARNING [ServerCommunicationLayer] error while initializing collector communication layer!: com.dynatrace.diagnostics.server.ServerCommunicationLayer startInternal:137
com.dynatrace.diagnostics.communication.tcp.exception.CommunicationException: unable to initialize server-socket De
faultServerSocketHandler-*:6699:SSL

I was a bit surprised that the communication between collector and server is also affected...
So I tried the same parameters in the dtfrontendserver.ini, but there they are just ignored....

Do I make a mistake in configuration or is it really the keystore, which is corrupted? Will the ssl-key be used for the whole dynatrace-communication or just for the Website?

Hope someone has an idea.

 

Regards,

Jan

 

 

 

 

 

Comment

People who like this

0 Show 0
10 |2000000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 52.4 MB each and 262.1 MB total.

2 Replies

  • Sort: 
  • Most voted
  • Newest
  • Oldest
avatar image

Answer by Jan-Hendrik W. · Oct 20, 2014 at 06:48 PM

Thank you for the hint. After disabling this option, I was able to concentrate on the real error (wink)

Our admins created a keystore with different password and keypassword.

Now it works.

 

Regards,

Jan

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 52.4 MB each and 262.1 MB total.

avatar image

Answer by Dominik S. · Oct 17, 2014 at 05:36 PM

Try without the "com.dynatrace.diagnostics.communication.sslkeystorepassword" as this is not needed for the keystore for the web-pages, but rather configures a different passwort for the keystore loaded for the SSL communication between Server and Collector and thus causes the error messages that you are seeing.

Seems the docu-page is a bit misleading here as the entry about generating the keystore applies for both cases, but does not state so in the last paragraph.

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 52.4 MB each and 262.1 MB total.

Welcome to the
Dynatrace Community Forums

Check out the Community User Guide and First steps in the forum to learn how to get started.

Community Member of the Month
July 2019

Announcing Dynatrace's Community Member of the Month for July 2019, Wai C.! Click here to read more!

Employee Member of the Month
July 2019

Announcing Dynatrace's Employee Member of the Month for July 2019, Patrick H.! Click here to read more!

Live webinar: Automate Deployment and Site Reliability with Bots, ChatOps, and Dynatrace

oin us in a session where Zohaib UL-Hassan and Nestor Zapata from Citrix will explain their different bot use cases, get insights into how they implemented them, and learn how you can integrate Dynatrace monitoring data into your own bot automation framework.
Tuesday, July 23, 4:00 p.m. CEST/10:00 a.m. EDT
Register here

Live webinar: Automate Deployment and Site Reliability with Bots, ChatOps, and Dynatrace

oin us in a session where Zohaib UL-Hassan and Nestor Zapata from Citrix will explain their different bot use cases, get insights into how they implemented them, and learn how you can integrate Dynatrace monitoring data into your own bot automation framework.
Tuesday, July 23, 4:00 p.m. CEST/10:00 a.m. EDT
Register here

NAM 2019 SP1 is available

See what's been improved in metric charts, Report explorer, and Reporting data servers screen.
Learn more

Live webinar: Automate Deployment and Site Reliability with Bots, ChatOps, and Dynatrace

oin us in a session where Zohaib UL-Hassan and Nestor Zapata from Citrix will explain their different bot use cases, get insights into how they implemented them, and learn how you can integrate Dynatrace monitoring data into your own bot automation framework.
Tuesday, July 23, 4:00 p.m. CEST/10:00 a.m. EDT
Register here

Follow this Question

Answers Answers and Comments

2 People are following this question.

avatar image avatar image

Forum Tags

dotnet mobile monitoring load iis 6.5 kubernetes mainframe rest api errors dashboard framework 7.0 appmon 7 health monitoring adk log analytics services auto-detection uem webserver test automation license web performance monitoring ios nam probe collector migration mq web services knowledge sharing reports window plugin java browser agent community user guide hybris javascript appmon sensors good to know search 6.3+ server documentation web dashboard kibana system profile purelytics docker splunk 6.1 processes account 7.2 rest dynatrace saas spa guardian appmon administration production user actions postgresql upgrade oneagent measures security Dynatrace Managed transactionflow diagnostics user sessions unique users continuous delivery configuration alerting nginx splitting business transaction client 6.3 installation chart database scheduler apache mobileapp rum php dashlet purepath plugins agent 7.1 appmonsaas messagebroker nodejs 6.2 incidents android sensor performance warehouse
  • Forums
  • Public Forums
    • Community Connect
    • Dynatrace
      • Dynatrace Open Q&A
    • Application Monitoring & UEM
      • AppMon & UEM Open Q&A
    • Network Application Monitoring
      • NAM Open Q&A
      • Enterprise Synthetic Monitoring
    • Synthetic Classic
      • Synthetic Classic Open Q&A