Certificate Management configuration

The Certificate Management pane of the Dynatrace Server Settings dialog box allows you to generate or import, and manage self-signed and user defined certificates and deploy them to AppMon components. To access it, click Settings > Edit Server Settings, then click Certificate Management.

Restart needed

You must restart the AppMon Server and, if applicable, the Memory Analysis Server after deploying certificates. You must also restart all Collectors to apply changes after a certificate deployment.

Do not apply the certificate management wizard if you cannot restart at least the AppMon Server processes.

Start wizard to generate or import

In the Manage tab, click the appropriate Start wizard button to either Generate and deploy, or Import and deploy a certificate. This starts the applicable wizard.

Step 1 - Check preconditions

The wizard starts by checking connected and disconnected collectors and informs about the necessary restarts after a deployment. It also gives feedback if the Collectors and the Memory Analysis Server are connected and the Collectors are the same version. This helps to avoid manual steps after certificate deployment.

Collectors: A message appears if Collectors earlier than version 6.3 are present. In that case you can't proceed. You must upgrade all collectors first. See the Upgrade and Migration Guide for more information about upgrading Collectors. An error message can also appear if offline collectors are found.

If an error message appears, you can click Create list of Collector details to create a file that lists affected Collectors. Be aware that you can proceed, but offline collectors do not receive the new certificate key pair and therefore they can't connect later. Ignore this warning only if you know what you are doing.

Memory Analysis Server: A message appears if the Memory Analysis Server is offline or you do not use a Memory Analysis Server. If you do not operate a Memory Analysis Server in the AppMon tool chain, ignore the offline warning. Otherwise, close the wizard, start the Memory Analysis Server, then restart the wizard.

See Advanced Features - Certificates, Private Keys and Keystore to handle components that were offline or version-mismatched (Collectors) discovered when checking preconditions.

Step 2 - Create certificate chain and keys

Enter values for person or company name owning the certificate in the Issued to (Subject) field, and the Issuer. Then define how long the certificate and private key should be valid and click Create private key. Once the private key is created, click Next to optionally export the generated certificate and key pair to a file.

Backup to a safe location

The exported ZIP contains the generated private key used to encrypt communication. Handle the file with care and store it in a safe location.

Step 3 - Deploy to components

This dialog box shows the result of deploying the key pair to all currently connected tiers, including the server and all connected collectors and clients. This is not enabled for the Memory Analysis Server if you don't use one.

Step 4 - Select components to restart

AppMon Server and Memory Analysis Server (if applicable) always need to be restarted immediately.
Depending on your environment this may take a few minutes to complete.
Check the Collectors check box to restart all currently connected collectors now, or postpone it to later.

After the deployment has finished you can verify usage by navigating to the Certificate Overview horizontal tab. In the case the collectors were not restarted, the newly deployed private key is not applied until a manual restart triggers.