Customers are concerned about mysterious error messages appear in the dxagent.error.log and DXagentService.log. Sample messages including

Error in HTTPServer.tick
Traceback (most recent call last):
  File "D:\CA\Directory\dxserver\dxagent\python-embed-amd64\lib\site-packages\cheroot\server.py", line 1770, in serve
    self.tick()
  File "D:\CA\Directory\dxserver\dxagent\python-embed-amd64\lib\site-packages\cheroot\server.py", line 1993, in tick
    conn = self.connections.get_conn(self.socket)
  File "D:\CA\Directory\dxserver\dxagent\python-embed-amd64\lib\site-packages\cheroot\connections.py", line 180, in get_conn
    return self._from_server_socket(server_socket)
  File "D:\CA\Directory\dxserver\dxagent\python-embed-amd64\lib\site-packages\cheroot\connections.py", line 199, in _from_server_socket
    s, ssl_env = self.server.ssl_adapter.wrap(s)
  File "D:\CA\Directory\dxserver\dxagent\python-embed-amd64\lib\site-packages\cheroot\ssl\builtin.py", line 113, in wrap
    s = self.context.wrap_socket(
  File "ssl.py", line 500, in wrap_socket
  File "ssl.py", line 1040, in _create
  File "ssl.py", line 1309, in do_handshake
ssl.SSLError: [SSL: WRONG_SSL_VERSION] wrong ssl version (_ssl.c:1129

and sometimes messages like CLIENT Certificate Not Specified.

Directory 14.1
Component: CA Directory

These messages are caused by invalid attempts to access the dxagent through its RestAPI interface. These are invalid client access attempts and hence under normal circumstances are harmless.

The following sample documentation links can help understand how the dxagent can be configured and how it works in general. For more information please consult the product documentation

• DXagent Configuration and Logging
• About DXagent

To reproduce similar messages in the these logs, you can use a Browser to access the DXAgent RestAPI Swagger UI, here the DXAGENT_HOST is the machine name or IP address to get to the Directory Server, 9443 is the default port number for DXAgent RestAPI Swagger UI:

https://DXAGENT_HOST:9443/ca/api/dxagent/v1.0/doc/dxagent-api.html

As you are attempting to access it, there is a good chance that you may not have a client certificate with a private key accessible by your Browser. If that is the case, then you will be seeing error message similar to what is shown in the Issue/Introduction of this article. This Swagger UI can only be accessed through the client certificate that was created during the setup of the DXAgent. You can usually find two sets of certificates under 

%DXHOME%\dxagent\openssl-ca\out, or $DXHOME/dxagent/openssl-ca/out

the certificate that has a p12 file is the client certificate you need to import into the Browser. You do need to know the p12 password to import it. This password was provided during the time the dxagent was setup, or you can use the corresponding .key and .pem files there and possibily the openssl utility to manually create another p12 file in order to import it into your Browser.

Once you have at least a certificate accessible by the Browser, the attempt to go to the Swagger UI will cause the Browser to prompt you to pick a certificate to access it. With the right certificate picked, the attempt to access the Swagger UI will be successful and the activities through the Swagger UI will be logged in the dxagent.access.log file.