WebServer SSL Certificate Installation

book

Article ID: 145558

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management

Issue/Introduction

Trying to install an SSL certificate for Introscope EM and Webview.


Generated the CSR, got the certificate, converted it to p7b and imported it to the newly created keystore (WebView).

Commands:

./keytool -genkey -alias apm-em.BCiternal.com -keyalg RSA -keystore Webview -keysize 2048

./keytool -certreq -alias apm-em.BCiternal.com -file certreq.csr -keystore Webview

openssl crl2pkcs7 -nocrl -certfile apm-em.BCinternal.com.cer -out apm-em.BCinternal.com.p7b -certfile apm-em.BCinternal.com.cer

./keytool -import -alias apm-em.BCinternal.com  -trustcacerts -file apm-em.BCinternal.com.p7b -keystore  Webview


Added the patch to the keystore in webview-jetty-config.xml and em-jetty-config.xml


  <Call name="addConnector">

    <Arg>

      <New class="com.wily.webserver.TrustingSslSocketConnector">

        <Set name="validateCertificates">false</Set>

        <Set name="HeaderBufferSize">8192</Set>

        <Set name="RequestBufferSize">16384</Set>

        <Set name="verifyHostnames">false</Set>

        <Set name="port">444</Set>

        <Set name="certAlias">caapm</Set>

        <Set name="keystore"><SystemProperty name="introscope.config" default="./jre/bin/WebView" />/internal/server/keystore</Set>

        <Set name="password">OBF:1v2j1uum1xtv1zccdde2dty4uvk1v1v</Set>

        <Set name="keyPassword">OBF:1v2j1uum1xtv1zccdde2dty4uvk1v1v</Set>

        <Set name="truststore"><SystemProperty name="introscope.config" default="./config" />/internal/server/keystore</Set>

        <Set name="trustPassword">OBF:1v2j1uum1xtv1zccdde2dty4uvk1v1v</Set>

        <Set name="needClientAuth">false</Set>

 

But the SSL is still not showing.

 

Cause

Mis-configuration of the certAlias  SSL Connector property 

Environment

Release : Introscope10.7.0.45

Component : Webview 

Resolution

add the certAlias       

<Set name="certAlias">apm-em.BCinternal.com</Set>

        <Set name="keystore"><SystemProperty name="introscope.config" default="./config" />/caapm</Set>

Additional Information


Enabling APM HTTPS Communications using a Non-default Keystore or Certificate


In CA APM 10.x what feature does new EM/WebView Jetty web server config SSL property "certAlias" provide and how can the keystore be updated with own Private Key/Certificate pair for that alias value.