Eddie M. asked

Appmon 7.1 - Enabling Single sign on: "Not all certificate chains are known"

Hi all,

We've recently upgraded to Dynatrace Appmon 7.1 and I'm trying to enable single sign-on, but I've hit a problem with certificate chains I just don't understand. We currently already have LDAP set up and working for authentication.

The process so far:

  1. Open the Dynatrace Server Settings and go into the Users section.
  2. Select the Single sign-on tab and tick the box to 'Enable user authentication via SAMLv2 identity provider'
  3. Then I press the Import button and import the XML from a file provided by an admin in my organisation.
  4. The XML imports successfully but then the problems start - at the top of the window it says "not all certificate chains are known" and at the bottom of the page "for some certificates there is no valid certificate chain available, therefore a different certificate chain needs to be imported."
  5. On this same page there is a button to "import certificate chain" and I've tried various combinations of importing certificates for the CN names listed in the metadata but with no luck - there is never any valid certificate chain available!

I assume the answer is in the phrase 'certificate chain' and what's in the .pem or .p12 file. I believe this file should contain a 'chain' of certificates mapping from the URLs in the XML and back up through the issuers and authorities, but I have no idea how to generate this type of certificate.

Does anyone else have any experience they could share in doing this?

Thanks

Eddie
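The metadata XML mentioned in the question embeds the identity provider's certificates. As an added example (not part of the original post and not Dynatrace code), this Python script extracts each embedded certificate as PEM so its subject and issuer can be inspected before a chain is assembled. The sample metadata, entity ID and certificate bytes are constructed placeholders, and nothing here assumes what AppMon's import dialog accepts.

```python
import base64
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed metadata for illustration; the certificate bodies are placeholder
# bytes, not real DER certificates.
_FAKE = base64.b64encode(b"constructed-placeholder-certificate-bytes" * 3).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {_FAKE[:40]}
        {_FAKE[40:]}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_FAKE}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def extract_certificates(metadata_xml):
    """Return [(use, pem_text)] for every certificate embedded in the metadata."""
    root = ET.fromstring(metadata_xml)
    found = []
    for key_desc in root.iter(f"{{{NS['md']}}}KeyDescriptor"):
        use = key_desc.get("use", "signing+encryption")  # no 'use' means both
        for cert in key_desc.iter(f"{{{NS['ds']}}}X509Certificate"):
            b64 = "".join((cert.text or "").split())  # drop whitespace/newlines
            base64.b64decode(b64, validate=True)      # reject corrupted bodies
            body = "\n".join(textwrap.wrap(b64, 64))  # PEM uses 64-char lines
            found.append((use, f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"))
    return found


if __name__ == "__main__":
    for use, pem in extract_certificates(SAMPLE_METADATA):
        print(f"# use={use}")
        print(pem)
```

On real metadata, each PEM block can be passed to `openssl x509 -noout -subject -issuer` to see which issuing CA certificates would be needed to complete the chain.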

1 comment

Hi, I am facing the same issue. Did you find a workaround for this?


0 Answers