Ignoring SSL certificates

[pahofmann]

The detailed example mentions a ISSLTrustManager can be used to allow untrusted SSL certificates.
Could you provide an example of the setup for the ISSLTrustManager and how to pass it to openkit?

[stefaneberl]

Hi Patrick!

Thank you for your question.

The ISSLTrustManager is the interface that can be passed to the DynatraceOpenKitBuilder as well as the AppMonOpenKitBuilder.

OpenKit offers two implementations

• SSLStrictTrustManager - used by default - which only accepts valid server certificates https://github.com/Dynatrace/openkit-dotnet/blob/main/src/Dynatrace.OpenKit/Protocol/SSL/SSLStrictTrustManager.cs
• SSLBlindTrustManager accepting any certificate offered by the server https://github.com/Dynatrace/openkit-dotnet/blob/main/src/Dynatrace.OpenKit/Protocol/SSL/SSLBlindTrustManager.cs Please be aware that SSLBlindTrustManager shall not be used in production.

Example of how to use SSLBlindTrustManager

var openKit = new DynatraceOpenKitBuilder(BeaconEndpoint, CustomAppUuid, DeviceIdentifier)
    .WithApplicationVersion("1.0.0")
    .WithOperatingSystem(Environment.OSVersion.VersionString)
    .WithTrustManager(new SSLBlindTrustManager()) // this line overides the default SSLStrictTrustManager
    .WithDataCollectionLevel(DataCollectionLevel.USER_BEHAVIOR)
    .WithCrashReportingLevel(CrashReportingLevel.OPT_IN_CRASHES)
    .EnableVerbose()
    .Build();

If you want to implement your own SSLTrustManager, you'll need to implement the ISSLTrustManager interface, which consists of only one getter property, that returns an RemoteCertificateValidationCallback. Details about the RemoteCertificateValidationCallback can be found in the official Microsoft documentation https://docs.microsoft.com/en-us/dotnet/api/system.net.security.remotecertificatevalidationcallback?view=netcore-3.1

Best Stefan

[pahofmann]

Thank you very much vor the quick reply!