FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How does Dynatrace manage the default Activegate Certificates?

Go to solution
JamesD09
Dynatrace Participant
Dynatrace Participant

‎31 May 2023 04:43 PM

A couple of questions off the back of the subject:

- how does DT manage out of date AG certificates? doe they auto renew? (We're using the default AG cert)
- Does Dynatrace have a certificate validity check during install of the AG? 

Any further information on AG default certificates would be amazing, i can't seem to find much information in the official docs.


0 Kudos
Reply
5 REPLIES 5

Go to solution
AntonPineiro
DynaMight Guru
DynaMight Guru

‎31 May 2023 05:13 PM

Hi,

Dynatrace has an entry about Custom SSL certificate for ActiveGate but I cannot see answers for your questions.

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl
0 Kudos
Reply

Go to solution
JamesD09
Dynatrace Participant
Dynatrace Participant
In response to AntonPineiro

‎31 May 2023 05:19 PM

Yeah, we're not intending to use custom ssl certificates.

All i can see on the documentation is the following:

Connection to ActiveGate, from OneAgents or REST API, takes place over an encrypted HTTPS channel. ActiveGate presents a self-signed authentication certificate to all connecting clients. While OneAgent instances may ignore the validity of ActiveGate certificates (depending on configuration).

0 Kudos
Reply

Go to solution
Julius_Loman
DynaMight Legend
DynaMight Legend
In response to JamesD09

‎31 May 2023 06:34 PM - edited ‎31 May 2023 06:35 PM

Yes, that's correct and default behaviour.

Dynatrace does not manage the certificates on ActiveGates, only provides you with methods to manage them. Either locally or also using API (preferred) or even certs can be setup during installation. By default, there is a self-signed certificate issued to *.clients.dynatrace.org with a 10 year validity.

OneAgents can be configured so they connect only to trusted AG (trusted in means of certificate) and it's not by default.

For outgoing connections, AG uses its truststore.

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner
0 Kudos
Reply

Go to solution
a_barbera
Dynatrace Contributor
Dynatrace Contributor
In response to Julius_Loman

‎05 Jun 2023 01:30 PM - edited ‎05 Jun 2023 03:32 PM

Hi @Julius_Loman ,

The default self-signed certificate is this enabled by default, or does the customer need to enable this certificate? 

After 10 years how the update will happen?

Thanks in advance!

0 Kudos
Reply

Go to solution
LukasNe
Observer
In response to Julius_Loman

‎06 Jun 2023 01:42 PM

Hi @Julius_Loman ,

do you have any documentation about the OneAgent configuration? We want to use our own certificates and not the self-signed ones. It only says that an agent "may ignore" the validity depending on the configuration (Custom SSL certificate for ActiveGate | Dynatrace Docs). But I can't find anything about this configuration (Customize OneAgent installation on Linux | Dynatrace Docs).

In our company we use .pem files with the public keys on the agents, but I can't find any more information about that either.

0 Kudos
Reply
Ask a question

Featured Posts