Importing a keystore file or replacing the certificate for the App Visibility proxy
During installation of the App Visibility proxy, you provide the location of the keystore file that handles SSL-encrypted beacons and injected requests. The values that you provide during installation are saved in the apm-proxy.properties file. If you did not have the keystore file during installation, or if you now need to provide a new one, you must perform one of the procedures in this topic to update the apm-proxy.properties file.
Tip
To collect end-user data, use a signed certificate; that is, a certificate approved by a recognized certificate authority.
If your application pages use only HTTP, you can change the protocol and no certificate is required.
Before you begin
- You must have a keystore file in one of the following formats: PKCS12 (PFX) and JKS.
The PKCS12 and JKS file are both binary encrypted, password-protected files. - The keystore password must match the password of the private key.
- The keystore password cannot contain the following characters: | ^ ; " < > ,
To import a keystore file by interactively executing a script
- From a command line, type one of the following scripts, and press Enter:
- (Windows)
installationDirectory\apm-proxy\bin\import-keystore.bat
- (Linux)
installationDirectory/apm-proxy/bin/import-keystore.sh
- (Windows)
- Provide values at the following prompts:
- Enter the keystore type (
JKS
orPKCS12
). - Enter the keystore full path: The full path to the keystore file must include the file name and extension (
JKS
orPKCS12
). - Enter the keystore password: The plain text password is masked as you type it and it is encrypted in the properties file.
- Enter the keystore alias name.
- Enter the keystore type (
- Restart the relevant App Visibility proxy service:
- (Windows) BMC App Visibility Proxy
- (Linux) adop_apm_proxy
To import a keystore file by silently executing a script
- Encrypt the keystore password by running the following CLI command:
- (Windows)
installationDirectory\apm-proxy\bin\passwordEncrypt.bat newPassword
- (Linux)
installationDirectory/
apm-proxy/
bin/passwordEncrypt.sh newPassword
installationDirectory
is the full path of the installation directorynewPassword
is the clear-text password
A message is displayed during the encryption process.
When encryption is complete, the encrypted password is displayed.
- (Windows)
- Copy the encrypted password to use in the following step.
- From a command line, enter one of the following commands:
- (Windows)
installationDirectory\apm-proxy\bin\import-keystore.bat keyStoreType keyStoreFullPath "keyStoreEncryptedPassword" keyStoreAlias
- (Linux)
installationDirectory/apm-proxy/bin/import-keystore.sh keyStoreType keyStoreFullPath keyStoreEncryptedPassword
keyStoreAlias
-
keyStoreType
is PKCS12 or JKS (Enter only upper-case letters.) -
keyStoreFullPath
is the full path, file name, and file extension of the keystore file keyStoreEncryptedPassword
is the encrypted password to the keystore file. For Windows, the password (keyStoreEncryptedPassword
) must be in quotation marks.keyStoreAlias is the keystore alias.
- (Windows)
- Restart the relevant App Visibility proxy service:
- (Windows) BMC App Visibility Proxy
- (Linux) adop_apm_proxy
Additional resource
Oracle: KeyStores and TrustStores
Where to go from here
Continue App Visibility configuration by performing the following procedures:
- Configuring network settings after the App Visibility server installation
- Configuring App Visibility agents for Java after installation
After you configure the App Visibility system, performing the following procedures:
- Configuring application discovery
- Configuring event thresholds (SLAs) for automatically discovered applications
- For synthetic applications, configure synthetic transactions .
Related topics
Performing the App Visibility server installation
Changing App Visibility proxy settings
Starting and stopping the App Visibility server services
Comments
Log in or register to comment.