Importing a keystore file or replacing the certificate for the App Visibility proxy
During installation of the App Visibility proxy, you provide the location of the keystore file that handles SSL-encrypted beacons and injected requests. The values that you provide during installation are saved in the apm-proxy.properties file. If you did not have the keystore file during installation, or if you now need to provide a new one, you must perform one of the procedures in this topic to update the apm-proxy.properties file.
Before you begin
- You must have a keystore file in one of the following formats: PKCS12 (PFX) and JKS.
The PKCS12 and JKS file are both binary encrypted, password-protected files. - The keystore password must match the password of the private key.
- The keystore password cannot contain the following characters: | ^ ; " < > ,
To import a keystore file by interactively executing a script
- From a command line, type one of the following scripts, and press Enter:
- (Windows) installationDirectory\apm-proxy\bin\import-keystore.bat
- (Linux) installationDirectory/apm-proxy/bin/import-keystore.sh
- Provide values at the following prompts:
- Enter the keystore type (JKS or PKCS12).
- Enter the keystore full path: The full path to the keystore file must include the file name and extension (JKS or PKCS12).
- Enter the keystore password: The plain text password is masked as you type it and it is encrypted in the properties file.
- Enter the keystore alias name.
- Restart the relevant App Visibility proxy service:
- (Windows) BMC App Visibility Proxy
- (Linux) adop_apm_proxy
To import a keystore file by silently executing a script
Encrypt the keystore password by running the following CLI command:
- (Windows) installationDirectory\apm-proxy\bin\passwordEncrypt.bat newPassword
- (Linux) installationDirectory/ apm-proxy/bin/passwordEncrypt.sh newPassword
Where:
- installationDirectory is the full path of the installation directory
- newPassword is the clear-text password
A message is displayed during the encryption process.
When encryption is complete, the encrypted password is displayed.
- (Windows) installationDirectory\apm-proxy\bin\passwordEncrypt.bat newPassword
- Copy the encrypted password to use in the following step.
From a command line, enter one of the following commands:
- (Windows) installationDirectory\apm-proxy\bin\import-keystore.bat keyStoreType keyStoreFullPath "keyStoreEncryptedPassword" keyStoreAlias
- (Linux) installationDirectory/apm-proxy/bin/import-keystore.sh keyStoreType keyStoreFullPath keyStoreEncryptedPassword keyStoreAlias
Where:
- keyStoreType is PKCS12 or JKS (Enter only upper-case letters.)
- keyStoreFullPath is the full path, file name, and file extension of the keystore file
- keyStoreEncryptedPassword is the encrypted password to the keystore file. For Windows, the password (keyStoreEncryptedPassword) must be in quotation marks.
keyStoreAlias is the keystore alias.
- Restart the relevant App Visibility proxy service:
- (Windows) BMC App Visibility Proxy
- (Linux) adop_apm_proxy
Additional resource
Oracle: KeyStores and TrustStores
Where to go from here
Continue App Visibility configuration by performing the following procedures:
- Configuring-network-settings-after-the-App-Visibility-server-installation
- Configuring-App-Visibility-agents-for-Java-after-installation
After you configure the App Visibility system, performing the following procedures:
For synthetic applications, configure synthetic transactions.
Related topics
Performing-the-App-Visibility-server-installationChanging App Visibility proxy settingsStarting and stopping the App Visibility server services
Security-planning-for-Presentation-Server
Security-planning-for-Infrastructure-Management