question

Yuting W. avatar image
Yuting W. asked ·

How to generate CSR (Certificate Signing Request) in Dynatrace AppMon Server

I am wondering how we can generate CSR (Certificate Signing Request) in AppMon. This is for the issue when we open a Dynatrace AppMon web dashboard, it will ask the browser if it trusts the source or not.

appmonserversecurity
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

1 Answer

Babar Q. avatar image
Babar Q. answered ·

Hello @Yuting W.

Please follow the instructions to generate the CSR and install the SSL Certificate for the Web Dashboards.

  • Keytool is the utility located under Java\bin folder. Run the below command to generate the key.
  • keytool -genkey -alias 14025879 -keyalg RSA -keysize 2048 -keystore "C:\keystore\webdashboards.jks"
  • Completed all the requests to generate the CSR and remember the password.
  • Run the following command and take the output to a file to share with the respective team to get the SSL certificate.
  • keytool -certreq -alias abcdef -keystore "C:\keystore\webdashboards.jks" -file C:\keystore\abcdef.txt
  • Once you received back the certificate in the form of .crt, now import this file into the same keystore using the below commands.
  • keytool -importcert -alias abcedf -file C:\certificate\webdashboards.xyz.com.crt -keystore "C:\keystore\webdashboards.jks

Note: Root and intermediate certificates also need to be imported if the keystore is new.

Make sure to restart the Frontend and Backend Services once the above activity has been done.

Regards,

Babar

8 comments Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Under which directory should I run this " keytool -genkey -alias 14025879 -keyalg RSA -keysize 2048 -keystore "C:\keystore\webdashboards.jks" ?

0 Likes 0 · ·

Also what should I put for "14025879" ? Would that be my domain name?

0 Likes 0 · ·

Hello @Yuting W.

You will have to run this command under Java\bin folder.

"14025879" was an example of certificate name.

Regards,

Babar

0 Likes 0 · ·

Do you mean the Java\bin folder inside the dynatrace directory?

0 Likes 0 · ·

Hello @Yuting W.

Yes. You can use the inside Java from Dynatrace directory.

e.g. C:\appmon72\jre\bin

Regards,

Babar

0 Likes 0 · ·

I got an error saying

keytool error: java.lang.Exception:Failed to establish chain from reply

After i insert back the cert file. Not sure if this is because i did not import the root and intermediate certification? I don't know where i can find those

0 Likes 0 · ·

Hello @Yuting W.

You can ask the team who have generated the certificate for you. Usually, companies already have their root and intermediate certificates to complete the chain.

Regards,

Babar

0 Likes 0 · ·

I did check with the openssl commanline. It is complaining that missing key pair.

0 Likes 0 · ·