This page describes how to manage the certificate chain and key pair used by the AppMon SSL communication subsystem. See Certificate Management configuration for imformation on certificate configuration, including generating, importing, and deploying self-signed and user defined certificates.
Setting up SSL communication
By default, the AppMon Client connects on port 2021 using SSL (no UI to change that), so they use the mechanism right away.
By default Collectors connect to an AppMon Server on port 6699 (SSL), so if you want to use non-SSL, select connected Collectors in the Client by selecting Settings > Dynatrace Server > Collectors and changing Connect to Server to 6698.
For disconnected Collectors change
<DT_HOME>/collector/conf/collector.config.xml (or in
So far Agents do not use SSL.
See Set up SSL Communication for a more detailed description.
Migration from customer-provided keystores
.jks keystores are not supported for AppMon 6.3 and later and are not automatically migrated. Instead of replacing keystores on every component manually, use settings in Settings > Dynatrace Server > Certificate Management to change the certificate and key pair used to secure the communication. The certificate and keys are automatically deployed to all components where they are needed.
See Advanced Features - Certificates, Private Keys and Keystore for information on avoiding keys to deploy to the Client and Collector.
The customer-provided keystore used by the Web UI (given as system property) is not automatically migrated. See the Upgrade and Migration Guide for more information.
Currently used certificate
To examine the certificate and key pair that are currently in use, switch to the Overview horizontal tab. See Certificate Overview for more information.
Deploy a new private key pair and certificate
The Deploy Certificate page documents the necessary steps to replace the currently used certificate with a new one.
Troubleshooting SSL communication
See Advanced Features - Certificates, Private Keys and Keystore if you have components that can't connect after replacing the certificate or wish to setup a more complex environment.