Importing a KeyStore file to replace the self-signed certificate

During the installation of the APM Proxy, you provided the location of the KeyStore file that will handle SSL-encrypted beacons and injected requests. The values that you provided during installation are saved in the apm-proxy.properties file. If you did not have the KeyStore file during installation, or if you now need to provide a new one, you must use one of the following procedures to update the apm-proxy.properties file:

Before you begin

  • You must have a KeyStore file in one of the following formats: PKCS12 (PFX) and JKS. The  PKCS12 and JKS file are both binary encrypted, password-protected files. 
  • The KeyStore password must match the password of the private key. 
  • The KeyStore password cannot contain the following characters: | ^ ; " < > ,

To import a KeyStore file by interactively executing a script

  1. From a command line, type one of the following scripts, and press Enter:
    • (Windows) import-key-store.bat
    • (Linux) import-key-store.sh
  2. Provide values at the following prompts:
    1. Enter the KeyStore type (JKS\PCKS12)
    2. Enter the KeyStore full path: The full path to the KeyStore file must include the file name. 
    3. Enter the KeyStore password: The plain text password is masked as you type it and encrypted in the properties file.
  3. Restart one of the following APM Proxy services:
    • (Windows) BMC Application Diagnostics APM Proxy
    • (Linux) adop_apm_proxy

To import a KeyStore file by silently executing a script

  1. Encrypt the KeyStore password by running the following CLI command: 

    • (Windows) installationDirectory\portal\bin\passwordEncrypt.bat newPassword
      Example:       C:\Program Files\BMC Software\BMC Application Diagnostics\apm-proxy\bin\passwordEncrypt.bat myAPMproxyPassword
    • (Linux) installationDirectory\portal\bin\passwordEncrypt.sh newPassword

    Where:

    • installationDirectory is the full path of the installation directory
    • newPassword is the clear-text password 

    A message is displayed during the encryption process.

    When encryption is complete, the encrypted password is displayed.

  2. Copy the encrypted password to use in the following step.

  3. From a command line, enter one of the following commands:

    • (Windows) import-key-store.bat keyStoreType keyStoreFullPath keyStoreEncryptedPassword
    • (Linux) import-key-store.sh keyStoreType keyStoreFullPath keyStoreEncryptedPassword

    Where:

    • keyStoreType is PKCS12 or JKS (Do not enter lower-case characters.)
    • keyStoreFullPath is the full path and file name of the KeyStore file
    • keyStoreEncryptedPassword is the encrypted password to the KeyStore file

     

  4. Restart one of the following APM Proxy services:
    • (Windows) BMC Application Diagnostics APM Proxy
    • (Linux) adop_apm_proxy

Additional resource

Oracle: KeyStores and TrustStores

Related topics

Performing-the-Diagnostics-Server-installation

Starting-and-stopping-the-Diagnostics-Server-services

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*