Page tree
Skip to end of metadata
Go to start of metadata

During installation of the App Visibility proxy, you provide the location of the keystore file that handles SSL-encrypted beacons and injected requests. The values that you provide during installation are saved in the file. If you did not have the keystore file during installation, or if you now need to provide a new one, you must use one of the following procedures to update the file:


To collect end-user data, use a signed certificate; that is, a certificate approved by a recognized certificate authority.

If your application pages use only HTTP, you can change the protocol and no certificate is required.

Before you begin

  • You must have a keystore file in one of the following formats: PKCS12 (PFX) and JKS.
    The PKCS12 and JKS file are both binary encrypted, password-protected files. 
  • The keystore password must match the password of the private key. 
  • The keystore password cannot contain the following characters: | ^ ; " < > ,

To import a keystore file by interactively executing a script

  1. From a command line, type one of the following scripts, and press Enter:
    • (Windows) portalInstallationDirectory\apm-proxy\bin\import-keystore.bat
    • (Linux)  protalInstallationDirectory/ apm-proxy/bin/
  2. Provide values at the following prompts:
    1. Enter the keystore type (JKS or PKCS12)
    2. Enter the keystore full path: The full path to the keystore file must include the file name. 
    3. Enter the keystore password: The plain text password is masked as you type it and it is encrypted in the properties file.
  3. Restart the relevant App Visibility proxy service:
    • (Windows) BMC App Visibility Proxy
    • (Linux) adop_apm_proxy

To import a keystore file by silently executing a script

  1. Copy the encrypted password to use in the following step.
  2. From a command line, enter one of the following commands:
    • (Windows)  installationDirectory\apm-proxy\bin\import-keystore.bat keyStoreType keyStoreFullPath keyStoreEncryptedPassword
    • (Linux)  installationDirectory/ apm-proxy/bin/ keyStoreType keyStoreFullPath keyStoreEncryptedPassword
    • keyStoreType is PKCS12 or JKS (Do not enter lower-case characters.)
    • keyStoreFullPath is the full path and file name of the keystore file
    • keyStoreEncryptedPassword is the encrypted password to the keystore file
  3. Restart the relevant App Visibility proxy service:
    • (Windows) BMC App Visibility Proxy
    • (Linux)  adop_apm_proxy

Additional resource

Oracle: KeyStores and TrustStores

Where to go from here

After you configure the App Visibility system, performing the following procedures:

Related topics

Performing the App Visibility server installation

Changing App Visibility proxy settings

Starting and stopping the App Visibility server services

Security planning for Presentation Server

Security planning for Infrastructure Management



  1. i have inquiry regrading this section if i have only one proxy server and i have used this proxy server when installing .Net agents on two applications and these applications is HTTPS how can i upload two certificates in this proxy and how can i define this SSL handle application 1 and other SSL handle application 2

    1. Hi Mohamed,

      The keystore for the App Visibility proxy should be supplied according to its hosting domain, as described in the steps in this topic. It doesn’t matter that the applications are on different HTTPS servers since the agents do not interact directly with the proxy.