This document enables users to explore SSL issues in monitored Kubernetes systems and understand the role of SSL certificates in PDC integration.
Background and terminology
Review the following information before installing Secure Sockets Layer (SSL) certificates.
- Pega Diagnostic Center (PDC) services only accept HTTPS encrypted data.
- Monitored systems must have the *.pegacloud.com SSL certificate or certificate chain installed.
- Monitored systems send data to PDC through three channels: alerts, exceptions, and node health.
- The two standard keystores used are the operating system keystore and the Java virtual machine (JVM) keystore.
SSL certificates and PDC integration
To send health stats, alerts, and exceptions to PDC, Pega Appenders can only use SSL certificates that are installed in the JVM truststore. For simplicity and consistency, only install SSL certificates in the JVM.
If you are unable to send health stats, alerts, and exceptions to PDC but can test connectivity and manually use one of the push agents in PegaAESRemote to send REST data to PDC, there might be an issue with SSL certificate installation. To confirm, enable debug on the following Java classes and check the logs.
- com.pega.pegarules.priv.util.logging.SOAPAppenderPega
- httpclient.wire.content
- com.pega.pegarules.integration.engine.internal.connect.rest.RESTConnector
- httpclient.wire.header
For more information about logger settings, refer to Configuring logger settings.
Installing SSL certificates in a Kubernetes environment
To install SSL certificates in a Kubernetes environment, refer to the following documentation: