dynaTrace 5.6 - weak cert question

Question

Question by Tamás V. · Jan 28, 2014 at 02:29 PM ·

dynaTrace 5.6 - weak cert question

Hi everyone,

We are planning a dynaTrace upgrade from 4.2 to 5.6.

I've read the known issues in dynaTrace 5.6, and one thing is not clear:

Java 7 does not accept weak certificates by default. This might lead to refused connections e.g. when authenticating to a secure LDAP server with a weak certificate.

Is this saying that if we're using LDAP for dyna users/groups (we do), there is a chance we'll face this refused connection problem after upgrade?

And by certificate, it mean SSL certificate, right? If yes, how can i decide if a certificate is weak, or not?

In our dynaTrace server settings under Users -> LDAP, the "Use SSL connection" checkbox is NOT checked, so we're not using secure connection to the LDAP server, and therefore we won't face this issue, am i right?

Thank you in advance!

Best regards,
Tamás Vincze

0

10 |2000000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Answer 1 · 2014-02-05T14:14:29Z

Answer by Kurt A. · Feb 05, 2014 at 02:14 PM

Hello Tamás,

Java 7 does not accept weak certificates (i.e. certificates using weak hashing or signing algorithms, for instance MD2 or an RSA key of size < 1024) by default. This might lead to refused connections e.g. when authenticating to a secure LDAP server with a weak certificate.

Does this answer your question?

Kurt

0 · Share

10 |2000000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

dynaTrace 5.6 - weak cert question

1 Reply

How to get started

NAM 2019 SP5 is available

LIVE WEBINAR

Follow this Question

Forum Tags