Unable to connect to :2031 probably untrusted certificate: com.dynatrace.diagnostics.communication.tcp.socket.ssl.DynaTraceSSLSocketFactory openAndConnectSocket:386 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException
Hi,
I have installed Dynatrace 7.1 in Unix. The installation completed without any error.
Now I am trying to connect the server through Client (windows 10) but getting the connection refused error.
All the dyantrace servers are up and running well. There is not an error in any log files except 'FrontendServer.0.0.log'.
In this file, I am getting below error.
UTC WARNING [DynaTrace SSLSocketFactory] Unable to connect to :2031 probably untrusted certificate: com.dynatrace.diagnostics.communication.tcp.socket.ssl.DynaTraceSSLSocketFactory openAndConnectSocket:386 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: client did not accepted ssl client certificates. will not establish trust for [localhost:2031_client]
2019-10-25 13:57:27 UTC WARNING [DefaultConnectionEstablisherJob] exception was thrown while connecting: unable to establish connection to :2031 due a java.net.SocketException: Connection reset: com.dynatrace.diagnostics.communication.tcp.connection.establisher.DefaultConnectionEstablisherJob establishConnection:223
com.dynatrace.diagnostics.communication.tcp.exception.CommunicationException: unable to establish connection to :2031
My Server.config.xml are look like.
<dynatrace version="7.1.0.1803">
<serverconfig memento.version="7.1.0.1803">
myserver.com" communicationport="8041" usepreemtiveproxyauth="true" selfmoncollector="false" watchdogtimeout="10" serverport="6699" usetunnel="false" name="Embedded Dynatrace Collector" authstring="" embedded="true" tunnel=" http://myserver.com:8033/tunnel" proxyhost="">
<agentlistenaddressconfig>
myserver.com" agentport="9998" />
</agentlistenaddressconfig>
<loggingconfig path="../log/collector/Dynatrace Collector" console="ALL" maxfiles="5" level="ALL" correlationmaxfiles="2" maxbytes="10485760" correlationmaxbytes="31457280" html="false" append="true" />
<buffers agentbuffersize="32768" />
<protocoldumps maxnumberdumps="100" />
A tricky solution: set your server clock to a time when the cert is valid. Startup all services. Now frontend server is listening for clients. Now you can launch the certs wizard. When wizard is waiting for services to restart, stop manually the services, set time to current time and start services.
Hi,
I'm exactly in the same scenario: expired cert and I can't connect with client so I can't use wizard to deploy new certs. dtfrontendserver is not listening at client port. I've tried to disable ssl between frontend server and backed. Now there is no cert error but frontendserver is still not listening.
I've followed the instructions from the link to deploy a new private key and clear keys but it's not working.
Any clue or suggestion?
Guillem
AppMon 7.1 may have outdated SSL certificates. You may need to clear default certificates on server using flags from documentation:
and then create new ones using wizard in client.
If backend and front end servers are working fine you may try as well allowing connection via non SSL connection from client. I’m not sure if this is still available. It can be changed in server configuration but I’m not sure if this will take effect in 7.1.
Sebastian
