App Visibility components and the properties files that manage certificates
To use your own security certificate, put a certificate on each component, and then edit the properties files on each component to use the new certificates and password.
Notes
Tip
truststoreFileName.cer, where truststoreFileName is your custom certificate file name, and the file is in X.509/PKCS#7 format
Note
The truststore file for the agent for .NET must have the .cer file extension.
Warning
For each App Visibility server component, perform the following procedure.
The following table lists the file paths and file names of the properties files for the App Visibility server components. The keystore and truststore files are located in the installationDirectory/component/security directory (default installationDirectory is C:\Program Files\BMC Software\App Visibility for Windows and /opt/bmc/App_Visibility for Linux).
In the properties files, you must provide a relative path to the keystore and truststore files in the security directory. App Visibility server security files and parameters portalInstallationDirectory/portal/properties/portal.properties collectorInstallationDirectory/collector/properties/collector.properties proxyInstallationDirectory/apm-proxy/properties/apm-proxy.properties * Use a forward slash (/) for file paths, even on Windows systems. TipProperties file Parameter* key.store.file.path=relativePath/keystoreFileName.jks
trust.store.file.path=relativePath/truststoreFileName.jks
key.store.password.enc=encryptedPassword
key.store.alias=keystoreAlias
key.store.file.path=relativePath/keystoreFileName.jks
trust.store.file.path=relativePath/truststoreFileName.jks
key.store.password.enc=encryptedPassword
key.store.alias=keystoreAlias
key.store.file.path=relativePath/keystoreFileName.jks
trust.store.file.path=relativePath/truststoreFileName.jks
key.store.password.enc=encryptedPassword
key.store.alias=keystoreAlias
keystoreFileName.jks
,
truststoreFileName.jks
,
encryptedPassword
,
keystoreAlias
.
For each App Visibility agent for Java, perform the following procedure.
Replace the default file name of the keystore and truststore with the names of your files:
key.store.file.name=keystoreFileName.jks
trust.store.file.name=truststoreFileName.jks
Replace the default password with your encrypted password value:
key.store.password.enc=encryptedPassword
The system uses the password only for the keystore.
For each App Visibility agent for .NET, perform the following procedure.
Replace the default path and file name of the keystore and truststore with the path and file name of your files:
key.store.file.name=keystoreFileName.p12
trust.store.file.name=truststoreFileName.cer
Replace the default password with your encrypted password value.
key.store.password.enc=encryptedPassword
The system uses the password only for the keystore.
Certificate details for internal communication between the Presentation Server and the App Visibility portal are managed by the App Visibility certificates file, appVisCertificates.xml, which contains default certificate information and is located on the Presentation Server. You can use your own default certificate and update the values of the Place your keystore file and (optional) truststore file (or multiple files for multiple tenants) on the Presentation Server computer. To replace the default certificate, replace the default path and file name of the keystore and (optional) the truststore, and the password with the values for your keystore file: Replace the following values: To add a certificate for one or more tenants, add the following element for each tenant, and use your values for the tenant name, path and file name of the keystore file and (optional) truststore files, and the encrypted password. Replace the following values: * Use a forward slash (/) for file paths, even on Windows systems.default-certificate
element in the appVisCertificates.xml file. In an environment with multiple tenants, you can add a tenant-certificate
element for each tenant. If you do not define a tenant-certificate
for one or more tenants, those tenants use the default-certificate
values, instead.<default-certificate path="conf/secure/appVisSecure/keystoreFileName.jks" password="encryptedPassword" truststorePath="conf/secure/appVisSecure/truststoreFileName.jks"/>
keystoreFileName
encryptedPassword
truststoreFileName
<tenant-certificate tenant="tenant1Name" path="conf/secure/appVisSecure/keystoreFileName.jks" password="encryptedPassword" truststorePath="conf/secure/appVisSecure/truststoreFileName.jks"/>
<tenant-certificate tenant="tenant2Name" path="conf/secure/appVisSecure/keystoreFileName.jks" password="encryptedPassword" truststorePath="conf/secure/appVisSecure/truststoreFileName.jks"/>
tenant1Name
, tenant2Name
keystoreFileName
encryptedPassword
truststoreFileName
Use an encrypted password so that the plain text password is not displayed in your App Visibility server properties files. After you encrypt the new password, copy the encrypted password to the relevant properties file.
Encrypt the password with the provided script, located on the portal or collector computer.
Windows
On the App Visibility portal or collector computer, open a command prompt, and run the following command:
portalInstallationDirectory/portal/bin/passwordEncrypt.bat NewPassword
collectorInstallationDirectory/collector/bin/passwordEncrypt.bat NewPassword
NewPassword is the password you want to encrypt.
A message is displayed while the password is encrypted and upon completion, the encrypted password is displayed.
Linux
On the App Visibility portal or collector computer, change to the required directory:
portalInstallationDirectory/portal/bin
Run the following command:
./passwordEncrypt.sh NewPassword
NewPassword is the password you want to encrypt.
A message is displayed while the password is encrypted and upon completion, the encrypted password is displayed.
16 Comments
Hadas Mark
Harihara Subramanian
Alexandre Boyer
Benjie Wolicki
Harihara Subramanian
Alexandre Boyer
Winsor Lim
Harihara Subramanian
Bayan Alden
Winsor Lim
Bayan Alden
Winsor Lim
Bayan Alden
Alexandre Boyer
Bayan Alden
Harihara Subramanian