Importing a KeyStore file or replacing the certificate

During installation of the App Visibility proxy, you provide the location of the KeyStore file that handles SSL-encrypted beacons and injected requests. The values that you provide during installation are saved in the apm-proxy.properties file. If you did not have the KeyStore file during installation, or if you now need to provide a new one, you must use one of the following procedures to update the apm-proxy.properties file:

• Import a KeyStore file by interactively executing a script
• Import a KeyStore file by silently executing a script

Before you begin

• You must have a KeyStore file in one of the following formats: PKCS12 (PFX) and JKS.
  The PKCS12 and JKS file are both binary encrypted, password-protected files. 
• The KeyStore password must match the password of the private key. 
• The KeyStore password cannot contain the following characters: | ^ ; " < > ,

To import a KeyStore file by interactively executing a script

1. From a command line, type one of the following scripts, and press Enter:
   • (Windows) installationDirectory\apm-proxy\bin\import-keystore.bat
   • (Linux) installationDirectory/apm-proxy/bin/import-keystore.sh
2. Provide values at the following prompts:
   1. Enter the KeyStore type (JKS or PCKS12)
   2. Enter the KeyStore full path: The full path to the KeyStore file must include the file name. 
   3. Enter the KeyStore password: The plain text password is masked as you type it and encrypted in the properties file.
3. Restart the relevant App Visibility proxy services:
   • (Windows) BMC App Visibility Proxy
   • (Linux) adop_apm_proxy

To import a KeyStore file by silently executing a script

1. Encrypt the KeyStore password by running the following CLI command: 

   • (Windows) installationDirectory\apm-proxy\bin\passwordEncrypt.bat newPassword
     
   • (Linux) installationDirectory/apm-proxy/bin/passwordEncrypt.sh newPassword

   Where:

   • installationDirectory is the full path of the installation directory
   • newPassword is the clear-text password 

   C:\Program Files\BMC Software\App Visibility\apm-proxy\bin\passwordEncrypt.bat myAppVisibilityProxyPassword
   A message is displayed during the encryption process.

   When encryption is complete, the encrypted password is displayed.

2. Copy the encrypted password to use in the following step.

3. From a command line, enter one of the following commands:

   • (Windows) installationDirectory\apm-proxy\bin\import-keystore.bat keyStoreType keyStoreFullPath keyStoreEncryptedPassword
   • (Linux) installationDirectory/apm-proxy/bin/import-keystore.sh keyStoreType keyStoreFullPath keyStoreEncryptedPassword

   Where:

   • keyStoreType is PKCS12 or JKS (Do not enter lower-case characters.)
   • keyStoreFullPath is the full path and file name of the KeyStore file
   • keyStoreEncryptedPassword is the encrypted password to the KeyStore file

    

4. Restart one of the following App Visibility proxy services:
   • (Windows) BMC App Visibility Proxy
   • (Linux) adop_apm_proxy

Additional resource

Oracle: KeyStores and TrustStores

Where to go from here

Continue App Visibility configuration by performing the following procedures:

• Changing-the-App-Visibility-database-password-after-installation, 
• Configuring-network-settings-after-the-App-Visibility-server-installation
• Configuring-App-Visibility-agents-for-Java-after-installation

After you configure the App Visibility system, performing the following procedures:

• Configuring-application-discovery
• Configuring-event-thresholds-SLAs-for-automatically-discovered-applications
• For synthetic applications, configure synthetic transactions.

Related topics

Performing-the-App-Visibility-server-installation

Changing-App-Visibility-proxy-settings

Starting-and-stopping-the-App-Visibility-server-servicesInfrastructure Management security planning