WebServer SSL Certificate Installation
search cancel

WebServer SSL Certificate Installation


Article ID: 145558


Updated On:


CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management


Trying to install an SSL certificate for Introscope EM and Webview.

Generated the CSR, got the certificate, converted it to p7b and imported it to the newly created keystore (WebView).


./keytool -genkey -alias apm-em.BCiternal.com -keyalg RSA -keystore Webview -keysize 2048

./keytool -certreq -alias apm-em.BCiternal.com -file certreq.csr -keystore Webview

openssl crl2pkcs7 -nocrl -certfile apm-em.BCinternal.com.cer -out apm-em.BCinternal.com.p7b -certfile apm-em.BCinternal.com.cer

./keytool -import -alias apm-em.BCinternal.com  -trustcacerts -file apm-em.BCinternal.com.p7b -keystore  Webview

Added the patch to the keystore in webview-jetty-config.xml and em-jetty-config.xml

  <Call name="addConnector">


      <New class="com.wily.webserver.TrustingSslSocketConnector">

        <Set name="validateCertificates">false</Set>

        <Set name="HeaderBufferSize">8192</Set>

        <Set name="RequestBufferSize">16384</Set>

        <Set name="verifyHostnames">false</Set>

        <Set name="port">444</Set>

        <Set name="certAlias">caapm</Set>

        <Set name="keystore"><SystemProperty name="introscope.config" default="./jre/bin/WebView" />/internal/server/keystore</Set>

        <Set name="password">OBF:1v2j1uum1xtv1zccdde2dty4uvk1v1v</Set>

        <Set name="keyPassword">OBF:1v2j1uum1xtv1zccdde2dty4uvk1v1v</Set>

        <Set name="truststore"><SystemProperty name="introscope.config" default="./config" />/internal/server/keystore</Set>

        <Set name="trustPassword">OBF:1v2j1uum1xtv1zccdde2dty4uvk1v1v</Set>

        <Set name="needClientAuth">false</Set>


But the SSL is still not showing.



Release : Introscope10.7.0.45

Component : Webview 


Mis-configuration of the certAlias  SSL Connector property 


add the certAlias       

<Set name="certAlias">apm-em.BCinternal.com</Set>

        <Set name="keystore"><SystemProperty name="introscope.config" default="./config" />/caapm</Set>

Additional Information

Enabling APM HTTPS Communications using a Non-default Keystore or Certificate

In CA APM 10.x what feature does new EM/WebView Jetty web server config SSL property "certAlias" provide and how can the keystore be updated with own Private Key/Certificate pair for that alias value.