Page tree
Skip to end of metadata
Go to start of metadata

This section describes the management of secure socket layer (SSL) keys and the settings for decryption of HTTPS traffic by the Real User Cloud Probe. A web application uses encryption to protect sensitive data that travels between the client and the server. Without the proper deciphering mechanism, the system cannot decrypt the intercepted traffic. To process encrypted traffic, you must upload the appropriate cryptographic keys (SSL keys) to the Cloud Probe host system.

The Cloud Probe supports SSL keys with certificates that use the privacy-enhanced mail (PEM) format.


Passphrase- and Password-protected private keys are not supported.

To configure SSL keys to decrypt Cloud Probe traffic

  1. Log in to the system where you installed the Cloud Probe with an Administrator account.
  2. Stop the Cloud Probe service.
  3. Navigate to the Cloud Probe configuration file.


    Operating SystemFile location
  4. Copy your private PEM key to the Cloud Probe host system.
  5. Create a private key with pem__PEM suffix:
    • On Linux, run the following command:
      mv /<keyLocation>/<keyName>.pem /<keyDestination>/<keyName>.pem__PEM
    • On Windows, rename the file by changing its suffix to <keyname>.pem__PEM.
  6. To verify an SSL key has been loaded properly by a Cloud Probe, the check for the following success message in the installationDirectory/cloudprobe\staging\var\log\epx\epx.log file.

    <date and time stamp> info  [CORE] INFO: SSL Keys and/or Hosts accept: GOOD

    If you receive an error, see SSL CFG ERROR issued for incorrect Cloud Probe SSL key configuration. See also Troubleshooting traffic capture on a Cloud Probe.

Example SSL keys

Example of binding multiple IP addresses to the same key

keymaterial /opt/bmc/CloudProbe/cloudproeb/conf/key.pem__PEM ON
keyfor 443-443 1 key.pem
keyfor 443-443 1 key.pem

Example of binding multiple keys to multiple ports of the same address

keymaterial C:/CP/cloudprobe/conf/09_pem_des_nopas.pem__PEM ON 
keymaterial C:/CP/cloudprobe/conf/12_pem_plain_nopas.pem__PEM ON
keyfor 0-65535 1 09_pem_des_nopas.pem,12_pem_plain_nopas.pem

Example of binding multiple keys to multiple IP addresses and multiple ports

keymaterial /opt/bmc/CloudProbe/cloudprobe/conf/key.pem__PEM ON
keymaterial /opt/bmc/CloudProbe/cloudprobe/conf/key1.pem__PEM ON
keymaterial /opt/bmc/CloudProbe/cloudprobe/conf/key2.pem__PEM ON
keymaterial /opt/bmc/CloudProbe/cloudprobe/conf/key3.pem__PEM ON
keyfor 1-65535 1 key.pem,key1.pem
keyfor 1-65535 2 key2.pem,key3.pem

Related topics

Installing the Cloud Probe







  2. what is the meaning of HOST ID. and how can I get it. also, do we have a standard template or commands to Generate .PEM file. also if I have more than 3 servers use the same certificates why the certificate decrypt the first server but not the other?

    1. Hi,

      Please open a support case with BMC Customer Support.

      A support representative will be able to provide the additional information.

      Best Regards,