Each extension uploaded to a Dynatrace environment must be signed so that Dynatrace can verify the authenticity and integrity of the extension. After you've signed your extension, each host running your extension, whether OneAgent or ActiveGate, needs to have the root certificate saved in a dedicated directory.
Depending on your needs, choose one of the following methods to sign and build your extension:
dt-extensions-sdk
- an all-in-one CLI tool recommendedYou can also use the Dynatrace CLI (dt-cli
) to sign your extension. Since its features are fully contained within dt-extensions-sdk
CLI, only use it as a lighter alternative for CI/CD environments.
Read more about dt-cli
on GitHub.
Each host running your extension, whether OneAgent or ActiveGate, needs to have the root certificate saved in a dedicated directory. This step is required to enhance the security of the Extensions framework.
By doing this:
For JMX extensions, you only need to place the certificate on the Dynatrace cluster.
Upload your root certificate to each ActiveGate host within the ActiveGate group selected for running your extensions
Save the root.pem
certificate file in the following location:
<CONFIG>/remotepluginmodule/agent/conf/certificates/
(default: /var/lib/dynatrace/remotepluginmodule/agent/conf/certificates/
)%PROGRAMDATA%\dynatrace\remotepluginmodule\agent\conf\certificates
Upload your root certificate to each OneAgent host or each OneAgent host within the host group selected for running your extensions.
Save the root.pem
certificate file in the following location:
/var/lib/dynatrace/oneagent/agent/config/certificates
%PROGRAMDATA%\dynatrace\oneagent\agent\config\certificates