Importing a keystore file or replacing the certificate for the App Visibility proxy

During installation of the App Visibility proxy, you provide the location of the keystore file that handles SSL-encrypted beacons and injected requests. The values that you provide during installation are saved in the apm-proxy.properties file. If you did not have the keystore file during installation, or if you now need to provide a new one, you must perform one of the procedures in this topic to update the apm-proxy.properties file.

Tip

To collect end-user data, use a signed certificate; that is, a certificate approved by a recognized certificate authority.

If your application pages use only HTTP, you can change the protocol and no certificate is required.

Before you begin

You must have a keystore file in one of the following formats: PKCS12 (PFX) and JKS.
The PKCS12 and JKS file are both binary encrypted, password-protected files.
The keystore password must match the password of the private key.
The keystore password cannot contain the following characters: | ^ ; " < > ,

To import a keystore file by interactively executing a script

From a command line, type one of the following scripts, and press Enter:
- (Windows) installationDirectory\apm-proxy\bin\import-keystore.bat
- (Linux) installationDirectory/apm-proxy/bin/import-keystore.sh
Provide values at the following prompts:
1. Enter the keystore type (JKS or PKCS12).
2. Enter the keystore full path: The full path to the keystore file must include the file name and extension (JKS or PKCS12).
3. Enter the keystore password: The plain text password is masked as you type it and it is encrypted in the properties file.
4. Enter the keystore alias name.
Restart the relevant App Visibility proxy service:
- (Windows) BMC App Visibility Proxy
- (Linux) adop_apm_proxy

To import a keystore file by silently executing a script

Encrypt the keystore password by running the following CLI command:
- (Windows) installationDirectory\apm-proxy\bin\passwordEncrypt.bat newPassword
- (Linux) installationDirectory/ apm-proxy/bin/passwordEncrypt.sh newPassword
Where:
- installationDirectory is the full path of the installation directory
- newPassword is the clear-text password
C:\Program Files\BMC Software\App Visibility\apm-proxy\bin\passwordEncrypt.bat myAppVisibilityProxyPassword
A message is displayed during the encryption process.
When encryption is complete, the encrypted password is displayed.
Copy the encrypted password to use in the following step.
From a command line, enter one of the following commands:
- (Windows) installationDirectory\apm-proxy\bin\import-keystore.bat keyStoreType keyStoreFullPath "keyStoreEncryptedPassword" keyStoreAlias
- (Linux) installationDirectory/apm-proxy/bin/import-keystore.sh keyStoreType keyStoreFullPath keyStoreEncryptedPassword keyStoreAlias
Where:
- keyStoreType is PKCS12 or JKS (Enter only upper-case letters.)
- keyStoreFullPath is the full path, file name, and file extension of the keystore file
- keyStoreEncryptedPassword is the encrypted password to the keystore file. For Windows, the password (keyStoreEncryptedPassword) must be in quotation marks.
- keyStoreAlias is the keystore alias.
  Example
  (Windows)
  C:\Program Files\BMC Software\App Visibility\apm-proxy\bin\import-keystore.bat JKS C:\Program Files\BMC Software\App Visibility\myKeystore.JKS "z1x2c3v4b5n6m777" proxyKeystoreAlias
Restart the relevant App Visibility proxy service:
- (Windows) BMC App Visibility Proxy
- (Linux) adop_apm_proxy

Additional resource

Oracle: KeyStores and TrustStores

Where to go from here

Continue App Visibility configuration by performing the following procedures:

After you configure the App Visibility system, performing the following procedures:

Configuring application discovery
Configuring event thresholds (SLAs) for automatically discovered applications
For synthetic applications, configure synthetic transactions.