This question was
closed
by
Venkata C. for the following reason: The question is answered, right answer was accepted
SSL certificates for Integration
Hello, we are a Dynatrace managed customer and we are trying to better understand how the DT works in the integration space ex. Webhooks
We have our self-signed certs - enterprise level (sorry if I am not using the right terminology) loaded on the DT cluster, but when we try to establish communication with Webhooks system. We see an error in the server.0.0.log
"exception=SSLHandshakeException: sun.security.validator.ValidatorExpception:PKIX path building failed:.. sun.security.provider.certpath.SunCertPathBuilderException : unable to find valid certification path to requested target ..."
Webhook system has the proper enterprise level cert loaded and we believe it is on the DT side that the trust is not working to verify the cert presented by the Webhook system.
If you have run into similar issue what was your resolution and can you please share with us? We got some suggestions but our admin is not happy is messing with JRE\cacerts as these will be overwritten with new updates.
Thank you in advance!
Best Answer
Only idea I have is because root cert on managed cluster
https://www.dynatrace.com/support/help/shortlink/managed-ssl#before-you-begin
For ActiveGate that is executing plugins that are asking https web services we had to provide root cert. without that it does not work properly. But there we had opposite situation, dynatrace cluster has default letr’s encrypt cert and called service had cert generated by organisation.
Sebastian
Thank you Sebastian! We have already uploaded our internal certs and the UI works like expected, but the SSL fails when we initiate a Webhooks session and our understanding was Dynatrace maintains another keystore/truststore. We were given 5 different locations and one of them is JRE and our admin has concerns about this directory.
Best Answer
The support has provided us a solution by uploading our chain certs to the store under server/conf - we were able to validate and confirm it is working as expected .
