Questions for SSL configuration
Hi,
we want to use our own Certificate for the dynaTrace Server Website. I found the description Configure SSL Communication#HowtoCreateaCustomKeystore and tried to make it like this, but it seems that I have overseen something.
We created our own .jks-File and added following lines in the dtserver.ini
-Dcom.dynatrace.diagnostics.communication.sslkeystorepassword= -Dcom.dynatrace.diagnostics.web.ssl.keystore=conf/customkeystore.jks -Dcom.dynatrace.diagnostics.web.ssl.password= -Dcom.dynatrace.diagnostics.web.ssl.keypassword=
When I restart the server, I can't connect and the logs give me following errors
WARNING [CommunicationLayerUtils] error while initializing ssl environment: Keystore was tampered with, or password was incorrect: com.dynatrace.diagnostics.server.communication.CommunicationLayerUtils startSSLEnvironment:40 java.io.IOException: Keystore was tampered with, or password was incorrectWARNING [ServerClientPassiveCommunication] Error while initializing server communication!: com.dynatrace.diagnostics.server.communication.ServerClientPassiveCommunication a:116 com.dynatrace.diagnostics.communication.tcp.exception.CommunicationException: unable to initialize server-socket DefaultServerSocketHandler-localhost:2031:SSL
WARNING [ServerCommunicationLayer] error while initializing collector communication layer!: com.dynatrace.diagnostics.server.ServerCommunicationLayer startInternal:137 com.dynatrace.diagnostics.communication.tcp.exception.CommunicationException: unable to initialize server-socket De faultServerSocketHandler-*:6699:SSL
I was a bit surprised that the communication between collector and server is also affected...
So I tried the same parameters in the dtfrontendserver.ini, but there they are just ignored....
Do I make a mistake in configuration or is it really the keystore, which is corrupted? Will the ssl-key be used for the whole dynatrace-communication or just for the Website?
Hope someone has an idea.
Regards,
Jan
Try without the "com.dynatrace.diagnostics.communication.sslkeystorepassword" as this is not needed for the keystore for the web-pages, but rather configures a different passwort for the keystore loaded for the SSL communication between Server and Collector and thus causes the error messages that you are seeing.
Seems the docu-page is a bit misleading here as the entry about generating the keystore applies for both cases, but does not state so in the last paragraph.
Thank you for the hint. After disabling this option, I was able to concentrate on the real error 
Our admins created a keystore with different password and keypassword.
Now it works.
Regards,
Jan
Community Member of the Month
September 2018
Announcing Dynatrace's Community Member of the Month for September 2018, Muthu P.! Click here to read more! Employee Member of the Month
September 2018
Announcing Dynatrace's Employee Member of the Month for September 2018, Kris Z.! Click here to read more! 