.NET Agent SSL Support
When a .NET Agent establishes a secure (SSL) connection with a Controller, the .NET Agent uses a default mechanism embedded in the .NET framework to verify a Controller (server) certificate which relies on the local Trust Store. As a result, the Controller certificate must be signed by one of the publicly trusted authorities.
Therefore, if the Controller uses:
- a self-signed certificate, or
- a certificate signed by a custom authority
Then the SSL connection cannot be established until:
- a self-signed certificate, or
- a custom authority are manually added to the local Trust Store.
If you do not want to manually add a certificate to the local Trust Store, you can configure the .NET Agent to consume the Controller custom trusted certificate and establish a secured connection automatically.
Limitations
Browser Extensions
Browser Synthetic Monitoring does not support monitoring for the browser extensions../https:/en.wikipedia.org/wiki/Adobe_Flash.dita,../https:/en.wikipedia.org/wiki/Microsoft_Silverlight.dita, orJava applets.
Single-Page Applications (SPAs)
Browser Synthetic Monitoring does not fully support SPA. Instead of reporting the base page and virtual pages separately like Browser RUM does, Browser Synthetic Monitor reports all the virtual pages with the base page, so you will only see one page in the Synthetic Sessions.
Multiple Window Tests
Browser Synthetic Monitoring supports running tests in multiple windows for Firefox and Chrome, butnotfor Internet Explorer Browser.
Supported Configurations
You can configure the Controller Custom Trusted Certificates by providing either a:
- Path to one certificate file: A file may contain one, or multiple valid certificates, in one of these formats:
- Base-64 Encoded X.509 (.cer)
- DER Encoded Binary X.509 (.cer)
- PKCS 7 (.p7b)
- PKCS 12 (.pfx)
Or
- Folder containing multiple certificate files: A folder may contain several files with one or multiple certificates inside; and the folder may contain subfolders. There is no limitation on the structure except that all files in the folder must contain valid certificates; if one file is not a valid certificate, then all of them are ignored.
Select only one of these configurations. If you configure both a certificate file and a certificate folder, then a warning displays alerting you that only the certificate file will be used in the configuration.
Standalone Windows Agent Configuration
Configure the config.json file:
{
"controller": {
"certfile": "C:\certs\certificate.crt",
"certdir": "C:\certs\",
}
}Environment Variables Used for Standalone Windows Agent
Using the command line, set these environment variables to override the config.json file:
APPDYNAMICS_CONTROLLER_SSL_CERTFILE=C:\certs\certificate.crt
APPDYNAMICS_CONTROLLER_SSL_CERTDIR=C:\certs\Agent MSI Agent Configuration
Configure the config.json file without overriding the environment variables:
<appdynamics-agent xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<controller ssl-certificate-file = "C:\certs\certificate.crt" ssl-certificate-directory = "C:\certs\" >
...
</controller>
...
</appdynamics-agent>Parity Difference with Linux .NET Agent <=20.11.x
These are the existing parity differences with Linux .NET Agent <= 20.11.x:
- Certificate files formats are extended.
- Multiple certificates are supported in files.
- There is no name constraint for the files.
- There is no constraint on the folder structure.
- Full framework is supported.
- You are not required to provide a full chain of the Controller certificates. You can configure the .NET Agent trust using an end leaf certificate, or just a custom authority certificate, or both; whichever is convenient.