Set up a proxy for ActiveGate
To set up a proxy for an ActiveGate, update or add parameters in the following files in the ActiveGate configuration directory:
custom.properties
Settings are specified in:
[http.client.internal]
ActiveGate version 1.207+ Settings specific to communication with the Dynatrace Cluster only.
In particular, this section can contain configuration properties related to proxy settings and connection timeouts.If this section does not exist, communication with the Dynatrace Cluster is defined by the settings in the
[http.client]section. However, if the[http.client.internal]section does exist, but a particular communication setting is not listed there, then, for the purpose of communicating with the Dynatrace Cluster, the value of that setting is assumed to be its factory default (i.e., it is not inherited from[http.client]).[http.client]
Communication settings used for AWS/VMware/Azure monitoring and for communicating with the Dynatrace Cluster (unless overridden in
[http.client.internal]). In particular, this section contains configuration properties related to proxy settings and connection timeouts.[http.client.external]
ActiveGate version 1.207+ Communication settings for specific modules: Cloud Foundry, Kubernetes, and also for Synthetic Monitoring.
In particular, this section can contain configuration properties related to proxy settings and connection timeouts.If this section contains
proxy-off = true, then there is no proxy for the modules. If it contains theproxy-hostproperty, then this is the proxy to be used for the modules.Note: Communication settings specified in
[http.client]are not always used as defaults for the modules: If a particular communication setting is not specified in[http.client.external], then that setting—for Cloud Foundry, Kubernetes or Synthetic Monitoring—will revert to its factory default value, rather than to the value specified in[http.client].
Similarly, if the entire[http.client.external]section does not exist, then all of the communication settings for Kubernetes and Cloud Foundry will revert to their factory default values; however, settings for Synthetic Monitoring will assume values as specified in the[http.client]section.[cloudfoundry_monitoring]ActiveGate version 1.207+ This section can contain proxy settings for communication with Cloud Foundry. If this section contains
proxy-off = true, then there is no proxy for communication with Cloud Foundry. If it contains theproxy-hostproperty, then this is the proxy to be used for Cloud Foundry monitoring, rather than the proxy specified in[http.client.external].
Note: If you have a[cloudfoundry_monitoring]section in yourcustom.propertiesfile, you also need to have an[http.client.external]section, where you should specify all the remaining communication parameters that are to be used for Cloud Foundry communication.[kubernetes_monitoring]
ActiveGate version 1.207+ This section can contain proxy settings for communication with Kubernetes, along with other settings related to fine-tuning communication settings for Kubernetes monitoring.
If this section containsproxy-off = true, then there is no proxy for communication with Kubernetes. If it contains theproxy-hostproperty, then this is the proxy to be used for Kubernetes monitoring, rather than the proxy specified in[http.client.external].
Note: If you have a[kubernetes_monitoring]section in yourcustom.propertiesfile, then you also need to have an[http.client.external]section, where you should specify all of the remaining communication parameters to be used for Kubernetes communication.[synthetic]
ActiveGate version 1.207+ Proxy settings for Synthetic Monitoring. If this section contains
proxy-off = true, then there is no proxy for Synthetic Monitoring. If it contains theproxy-hostproperty, then this is the proxy to be used for Synthetic Monitoring, rather than the proxy specified in[http.client.external](or in[http.client], if[http.client.external]is not defined).
Note: If you have a[synthetic]section in yourcustom.propertiesfile, you can have an[http.client.external]section, where you should specify all of the remaining communication parameters to be used for Synthetic Monitoring. Alternatively, you can specify the remaining communication settings in the[http.client]section.
However, if you do create the[http.client.external]section, you have to specify all of the communication parameters there. Otherwise, the communication parameters for monitored environments (Cloud Foundry, Kubernetes, or Synthetic Monitoring) will revert to their factory defaults.
launcheruserconfig.conf ActiveGate versions 1.205 and earlier
- If the entire section
[http.client.internal]does not exist, communication with the Dynatrace Cluster is defined by the settings in the[http.client]section.
- If the entire section
[http.client.external]does not exist, communication settings for Cloud Foundry and Kubernetes revert to their factory default values. However, Synthetic Monitoring settings, will receive values specified in the[http.client]section.
If the sections [http.client.internal] or [http.client.external] do exist, then communication settings that are not specified explicitly in them, are NOT automatically inherited from the [http.client] configuration section, but revert to factory defaults.
Thus, if you create an [http.client.internal]or [http.client.external] section in your custom.properties file—for example, for the purpose of specifying proxy settings—you need to specify all of the other communication settings here too—even if these settings are the same as those specified in the [http.client] section. Otherwise the communication settings will revert to their factory default values (for the respective connectivity, managed by that section).
For example:
If you have an [http.client.internal] section in your custom.properties file, but you do not re-list a particular communication property in it, then this communication setting will revert to the factory default value, for communication with the Dynatrace Cluster. Similarly, settings not re-listed in [http.client.external], will revert to factory defaults, for Cloud Foundry, Kubernetes and Synthetic.
- Specifying all communication settings:
To configure communication settings in the
[http.client.internal]or[http.client.external]section, first re-list the current settings, then customize as required. To re-list the parameters, first, open theconfig.propertiesfile and copy all the properties from the[http.client]section in that file to the required section in thecustom.propertiesfile. Then, if there is an[http.client]section in thecustom.propertiesfile, use the values listed there, to overwrite the values just copied fromconfig.properties.
Specify common proxy settings for Dynatrace Cluster communication and AWS/VMware/Azure monitoring
To configure proxy for communication with Dynatrace Cluster and for AWS/VMware/Azure monitoring, edit the [http.client] section of the custom.properties file.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the proxy-related parameters in the [http.client] section of the custom.properties file— including those parameters related to authentication, if required:
[http.client]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
optional ActiveGate version 1.207+
Add parameter proxy-non-proxy-hosts to list hosts that should be accessed without going through the proxy. The items in the list should be separated by the '|' (pipe) character. For a full description of allowed syntax, see the syntax for the http.nonProxyHosts parameter in Networking Properties:
proxy-non-proxy-hosts = host1|host2|host3
Save the custom.properties file and restart the ActiveGate service.
Note:
- After applying this configuration, the same proxy server will be used for communication with Dynatrace Cluster and AWS/VMware/Azure. To have separate settings for Dynatrace Cluster communication, follow instructions in Set up proxy only for Dynatrace Cluster communication
- Settings specified in
[http.client]are not used for connectivity to Cloud Foundry or Kubernetes. Even if there are no sections appropriate for these types of connectivity (that is, no[http.client.external]or[kubernetes_monitoring]sections) in the ActiveGate configuration, settings specified in[http.client]are NOT automatically used for Cloud Foundry or Kubernetes: factory defaults are used instead.
For information how to specify[http.client]settings during installation, see Customize ActiveGate installation.
Set up proxy for AWS/VMware/Azure monitoring (and exclude Dynatrace Cluster)
You can specify proxy configuration—for communication between ActiveGate and Dynatrace Cluster and for AWS/VMware/Azure monitoring, in the [http.client] section of the custom.properties file, as described in Set up proxy for Dynatrace Cluster communication and AWS/VMware/Azure monitoring.
These settings can then be overridden for Dynatrace Cluster, by specifying custom settings in [http.internal]. To exclude the Dynatrace Cluster from proxy settings, and to disable proxy for Dynatrace Cluster, specify proxy-off=true in the [http.client.internal] section of the custom.properties file.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the proxy-related parameters in the [http.client] section of the custom.properties file—including those parameters related to authentication, if required:
[http.client]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
Exclude the Dynatrace Cluster from the proxy settings (or provide different, custom proxy settings for Dynatrace Cluster). This needs to be done in the [http.client.internal] section of the custom.properties file:
[http.client.internal]
proxy-off=true
Because settings listed in [http.client.internal]—which are specific to communication with the Dynatrace Cluster only—are NOT automatically inherited from [http.client], you will need to repeat here all non-proxy related communication settings from [http.client], with optional customizations as rquired. Otherwise—if there is an [http.client.internal] section in your custom.properties file—all the non-proxy related settings for Dynatrace Cluster communication will revert to factory defaults.
- To configure communication settings in
[http.client.internal], first re-list the current settings, then customize as required. To re-list the settings, first, open theconfig.propertiesfile and copy the properties from the[http.client]section in that file. Then, if there is an[http.client]section in thecustom.propertiesfile, use the values listed there, to overwrite the values copied fromconfig.properties.
For example:
connection-timeout=5000
socket-timeout=20000
connection-request-timeout=5000
idle-connection-timeout=15000
max-total-connections=256
max-connections-per-route=32
certificate-validation=yes
hostname-verification=yes
Save the custom.properties file and restart the ActiveGate service.
If you want to set up the proxy only for ActiveGate communication to the monitored environment, define the proxy settings in the launcheruserconfig.conf file using a set of Java system properties with -D option after -vmargs.
Stop the ActiveGate service and edit the launcheruserconfig.conf file.
Set the host name of the proxy server (-Dhttp.proxyHost and -Dhttps.proxyHost) and the port number (-Dhttp.proxyPort and -Dhttps.proxyPort). You can either append the parameters and values or update the values if the parameters already exist. It is important to specify the parameter values for both HTTP and HTTPS.
For example:
-vmargs
-Dhttp.proxyHost=127.0.0.1
-Dhttps.proxyHost=127.0.0.1
-Dhttp.proxyPort=8080
-Dhttps.proxyPort=8080
Additional proxy settings that you can set:
-Dhttp.proxyUser
-Dhttps.proxyUser
-Dhttp.proxyPassword
-Dhttps.proxyPassword
-Dhttp.nonProxyHosts
By default, the -Dhttp.nonProxyHosts parameter applies to both HTTP and HTTPS, and it can remain defined only as HTTP.
For a full description of allowed syntax, see Networking Properties.
Specify common proxy settings for Cloud Foundry, Kubernetes and Synthetic Monitoring
ActiveGate version 1.207+
To configure proxy for the Cloud Foundry and Kubernetes modules, specify the proxy settings in the [http.client.external] section of the custom.properties file. Alternatively, specify proxy-off = true in this section to turn off proxy settings for Cloud Foundry and Kubernetes.
Proxy settings specified [http.client.external] affect Cloud Foundry monitoring, Kubernetes monitoring, and Synthetic Monitoring, unless overridden in configuration sections dedicated to these connectivities.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the proxy-related parameters in the [http.client.external] section of the custom.properties file—including those parameters related to authentication, if required:
[http.client.external]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
Alternatively, to turn off proxy for the modules:
proxy-off = true
Because settings listed in [http.client.external]—which are specific to communication with Cloud Foundry or Kubernetes monitoring—are NOT automatically inherited from [http.client], you will need to specify here all non-proxy related communication settings from [http.client], with optional customizations as required. Otherwise all other communication settings for the modules, will revert to factory defaults.
- To configure communication settings in the
[http.client.external]section, first re-list the current settings, then customize as required. To re-list the settings, first, open theconfig.propertiesfile and copy the properties from the[http.client]section in that file. Then, if there is an[http.client]section in thecustom.propertiesfile, use the values listed there, to overwrite the values copied fromconfig.properties.
For example:
connection-timeout=5000
socket-timeout=20000
connection-request-timeout=5000
idle-connection-timeout=15000
max-total-connections=256
max-connections-per-route=32
certificate-validation=yes
hostname-verification=yes
Save the custom.properties file and restart the ActiveGate service.
Set up proxy only for Kubernetes monitoring
ActiveGate version 1.207+
To specify proxy configuration exclusively for Kubernetes, and not for communicating with Cloud Foundry or Synthetic Monitoring, use the [kubernetes_monitoring] section in the custom.properties file. Proxy settings specified here, take precedence over the settings specified in [http.client.external]. You can also specify proxy-off = true in the [kubernetes_monitoring] section, to turn off proxy for Kubernetes.
Use the [kubernetes_monitoring] section of the configuration only for proxy-related settings. To specify other accompanying communication settings, use the [http.client.external] section.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the proxy-related parameters in the [kubernetes_monitoring] section of the custom.properties file—including those parameters related to authentication, if required. Alternatively specify proxy-off = true to turn off proxy settings for Kubernetes.
[kubernetes_monitoring]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
or to turn off proxy for Kubernetes:
[kubernetes_monitoring]
proxy-off = true
In the [http.client.external] section in your custom.properties file, specify all non-proxy related communication settings for Kubernetes. These settings will also apply to Cloud Foundry and Synthetic Monitoring.
Note that communication settings specified in the [http.client] section, are not automatically used for Kubernetes or Cloud Foundry, and—if not specifed in [http.client.external]—they will revert to factory defaults, for Cloud Foundry and Kubernetes.
-
To configure communication settings in the
[http.client.external]section, first re-list the current settings, then customize as required. To re-list the settings, first, open theconfig.propertiesfile and copy the properties from the[http.client]section in that file. Then, if there is an[http.client]section in thecustom.propertiesfile, use the values listed there, to overwrite the values copied fromconfig.properties.For example:
connection-timeout=5000
socket-timeout=20000
connection-request-timeout=5000
idle-connection-timeout=15000
max-total-connections=256
max-connections-per-route=32
certificate-validation=yes
hostname-verification=yes
Save the custom.properties file and restart the ActiveGate service.
Set up proxy only for Cloud Foundry monitoring
ActiveGate version 1.207+
To specify proxy configuration exclusively for Cloud Foundry, and not for communicating with Kubernetes or Synthetic Monitoring, use the [cloudfoundry_monitoring] section in the custom.properties file. Proxy settings specified here, take precedence over the settings specified in [http.client.external]. You can also specify proxy-off = true in the [cloudfoundry_monitoring] section, to turn off proxy for Cloud Foundry.
Use the [cloudfoundry_monitoring] section of the configuration only for proxy-related settings. To specify other accompanying communication settings, use the [http.client.external] section.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the proxy-related parameters in the [cloudfoundry_monitoring] section of the custom.properties file—including those parameters related to authentication, if required. Alternatively specify proxy-off = true to turn off proxy settings for Cloud Foundry.
[cloudfoundry_monitoring]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
or to turn off proxy for Cloud Foundry:
[cloudfoundry_monitoring]
proxy-off = true
In the [http.client.external] section in your custom.properties file, specify all non-proxy related communication settings for Cloud Foundry. These settings will also apply to Kubernetes and Synthetic Monitoring.
Note that communication settings specified in the [http.client] section, are not automatically used for Cloud Foundry or Cloud Foundry, and—if not specified in [http.client.external]—they will revert to factory defaults, for Cloud Foundry and Cloud Foundry.
-
To configure communication settings in the
[http.client.external]section, first re-list the current settings, then customize as required. To re-list the settings, first, open theconfig.propertiesfile and copy the properties from the[http.client]section in that file. Then, if there is an[http.client]section in thecustom.propertiesfile, use the values listed there, to overwrite the values copied fromconfig.properties.For example:
connection-timeout=5000
socket-timeout=20000
connection-request-timeout=5000
idle-connection-timeout=15000
max-total-connections=256
max-connections-per-route=32
certificate-validation=yes
hostname-verification=yes
Save the custom.properties file and restart the ActiveGate service.
Set up proxy only for Dynatrace Cluster communication
To configure proxy exclusively for Dynatrace Cluster, use the [http.client.internal] section in the custom.properties file.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
In custom.properties file, create the [http.client.internal] section (if the section does not already exist).
In the custom.properties file, in the [http.client.internal] section, specify parameters related to proxy, including those related to authentication, if required:
[http.client.internal]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
Because settings listed in [http.client.internal]—specific to communication with the Dynatrace Cluster only—are NOT automatically inherited from [http.client], you will need to repeat here all non-proxy related communication settings from [http.client], with optional customizations as rquired. Otherwise—if there is an [http.client.internal] section in your custom.properties file—all the non-proxy related settings for Dynatrace Cluster communication will revert to factory defaults.
- To configure communication settings in the
[http.client.internal]section, first re-list the current settings, then customize as required. To re-list the settings, first, open theconfig.propertiesfile and copy the properties from the[http.client]section in that file. Then, if there is an[http.client]section in thecustom.propertiesfile, use the values listed there, to overwrite the values copied fromconfig.properties.
For example:
connection-timeout=5000
socket-timeout=20000
connection-request-timeout=5000
idle-connection-timeout=15000
max-total-connections=256
max-connections-per-route=32
certificate-validation=yes
hostname-verification=yes
Save the custom.properties file and restart the ActiveGate service.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the proxy-related parameters in the [http.client] section of the custom.properties file—including those parameters related to authentication, if required:
[http.client]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
Save the custom.properties file.
Edit the launcheruserconfig.conf file.
Define the nonProxyHosts parameter in the launcheruserconfig.conf file as * using a set of Java system properties with -D option after -vmargs. The nonProxyHosts parameter indicates the hosts that should be accessed without going through the proxy. Typically this defines internal hosts. The wildcard character * indicates that all hosts should be accessed directly even if a proxy server is specified.
For full description of allowed syntax, see Networking Properties.
For example:
-vmargs
-Dhttp.nonProxyHosts=*
Save the launcheruserconfig.conf file and restart the ActiveGate service.
Set up proxy for private Synthetic monitoring
To set up a proxy for communication with the tested resource, set the properties in the [synthetic] section. To set up a proxy for communication with the Dynatrace server, set the properties in the [http.client] section. For more information, see Set up a proxy for private synthetic monitoring.
Exclude hosts from proxy communication
Excluding hosts from proxy communication is configured by means of the proxy-non-proxy-hosts parameter configured in the custom.properties file.
The proxy-non-proxy-hosts parameter—if specified in the [http.client] section of the custom.properties file—affects ActiveGate communication with the Dynatrace Cluster as well as communication with AWS/VMware/Azure.
proxy-non-proxy-hosts specified in the [http.client.external] section of the custom.properties file, it will affect ActiveGate communication only for the modules (Cloud Foundry, Kubernetes,
Synthetic Monitoring).
You can also specify proxy-non-proxy-hosts exclusively for Kubernetes, by placing the parameter in the [kubernetes_monitoring] section, or in [cloudfoundry_monitoring] for Cloud Foundry.
Note: If you create an [http.client.external] section in your custom.properties file, you need to specify all of the other communication settings in that section too, as they should apply to the modules (Clound Foundry, Kubernetes or Synthetic Monitoring). This is because communication settings specified in the [http.client] section of ActiveGate configuration are not automatically inherited by the [http.client.external] section.
If you do not do re-specify all of the communications settings, the respective settings for the modules (as managed by [http.client.external]), will revert to factory defaults.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the hosts that should be accessed without going through the proxy. Typically this defines internal hosts. The value of this property is a list of hosts separated by the '|' (pipe) character. In addition, you can use the wildcard character '*' for pattern matching. There can be only one wildcard character, either at the beginning or the end of the hostname. For example, proxy-non-proxy-hosts=*.foo.com|localhost indicates that every host in the foo.com domain and the localhost should be accessed directly even if a proxy server is specified. For a full description of allowed syntax, see the syntax for the http.nonProxyHosts parameter in Networking Properties.
For example:
[http.client]
proxy-non-proxy-hosts=hostname0*|10.1.*
Restart the ActiveGate service.
Excluding hosts from proxy communication is configured by means of the nonProxyHosts parameter configured in the launcheruserconfig.conf file.
The nonProxyHosts parameter configured in the launcheruserconfig.conf file affects only communication between the ActiveGate and the monitored environment. For example, it may be a cloud technology such as AWS or VMware, or a resource monitored by your private monitors executed on a synthetic-enabled ActiveGate.
Stop the ActiveGate service and edit the launcheruserconfig.conf file. See Configure ActiveGate launcher.
Specify the hosts that should be accessed without going through the proxy. Typically this defines internal hosts. The value of this property is a list of hosts separated by the '|' (pipe) character. In addition, you can use the wildcard character '*' for pattern matching. There can be only one wildcard character, either at the beginning or the end of the hostname. For example, nonProxyHosts=*.foo.com|localhost indicates that every host in the foo.com domain and the localhost should be accessed directly even if a proxy server is specified.
Make sure that the proxy parameters are preceded by the -vmargs flag.
For example:
-vmargs
-Dhttp.nonProxyHosts=hostname0*|10.1.*
The syntax for specifying the http.nonProxyHosts parameter can vary depending on your JVM version. Single quotation marks or double quotation marks might be required for your version of JVM.
For a full description of allowed syntax, see, for example, Networking Properties.
For example:
-vmargs
-Dhttp.nonProxyHosts='hostname0*|10.1.*'
or
-vmargs
-Dhttp.nonProxyHosts="hostname0*|10.1.*"
or
-vmargs
-Dhttp.nonProxyHosts="hostname0*|10.1.*"
Restart the ActiveGate service.
Certificate management for Cloud Foundry, Kubernetes, and OpenShift communication
If you're using self-signed certificates for communication to external APIs (for example, for the Cloud Foundry and Kubernetes APIs), you can either add the certificate to the truststore or disable certificate validation in the custom.properties file.
Add the self-signed certificate to the truststore
ActiveGate version 1.167
Use the method described in Configure trusted root certificates on ActiveGate.
ActiveGate version 1.169+
Bring in the certificate from your cloud provider.
In the following example, we extract the certificate from google.com and save it locally as dt_k8s_api.pem. The command is the same for Windows and Linux, assuming you have openssl installed on Windows.
echo Q | openssl s_client -connect google.com:443 | openssl x509 -outform PEM > dt_k8s_api.pem
For Kubernetes, you can use the following command sequence to get the certificate:
[root@host]# API_ENDPOINT_URL=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
[root@host]# if [[ $API_ENDPOINT_URL =~ (https?://.*):(\d*) ]]; then API_SERVER_PORT=$API_ENDPOINT_URL; else API_SERVER_PORT="$(echo $API_ENDPOINT_URL | sed -e "s/https:\/\///"):443"; fi
[root@host]# echo -e "${YLW} API server:${NC} ${API_SERVER_PORT}"
[root@host]# echo Q | openssl s_client -connect $API_SERVER_PORT 2>/dev/null | openssl x509 -outform PEM > dt_k8s_api.pem
Add the certificate to the keystore.
You can provide a full path to the pem file location (including paths to remote locations) using the -file parameter, or copy the pem file to your ActiveGate and provide only the filename as indicated in the example.
[root@host]# sudo /opt/dynatrace/gateway/jre/bin/keytool -import -file dt_k8s_api.pem -alias dt_k8s_api -keystore /var/lib/dynatrace/gateway/ssl/mytrusted.jks
If you import multiple certificates, make sure that you provide a unique alias for each certificate that you import. If you use the same alias for each certificate, all previously used certificates will be overwritten.
You can display the list of aliases and the certificate description using the keytool -list command.
For example:
# sudo /opt/dynatrace/gateway/jre/bin/keytool -list -keystore /var/lib/dynatrace/gateway/ssl/mytrusted.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
dt_k8s_api, Apr 26, 2020,
trustedCertEntry,
Certificate fingerprint (SHA-256): 07:28:9A:F2:29:32:0D:64:F0:18:93:A1:CC:2E:49:21:E9:DA:40:82:9B:A8:71:B7:A4:2C:6D:8C:B3:90:31:31
Add the following entries in the /var/lib/dynatrace/gateway/config/custom.properties file.
The entry in the custom.properties file may look like this:
[collector]
trustedstore = mytrusted.jks
# the following entries are optional
trustedstore-password = changeit
trustedstore-type = JKS
The password will be stripped and encrypted when you restart the ActiveGate service.
Restart ActiveGate services.
Disable certificate validation
Disabling certificate validation isn't recommended because it imposes security risks. However, if you still want to disable certificate validation for test environments, you need to do the following:
- From the Dynatrace menu, select Settings > Cloud and virtualization > Kubernetes.
- Look for your cluster and select the Edit button next to it to edit the cluster settings.
- Disable Require valid certificates for communication with API server.
- Disable Verify hostname in certificate against Kubernetes API URL.
- Select Save to save your changes.
These setting override the settings in the ActiveGate
custom.propertiesfile.
Disable the hostname-verification and certificate-validation properties by adding the following to the [http.client.external] section of your custom.properties file:
[http.client.external]
hostname-verification = false
certificate-validation = false
ActiveGate version 1.187+
You can now deactivate certificate validation for test environments by disabling the setting Require valid certificates for communication with API server in the web UI.