How APM CE (CEM) SSL private keys are protected on the TIM and TIM Collector
Article ID: 19330
Products
CA Application Performance Management Agent (APM / Wily / Introscope), INTROSCOPE
Issue/Introduction
SSL private keys are uploaded, transferred, and stored as follows:
1. The SSL private keys are uploaded to the TIM Collector over an HTTP/HTTPS connection to the administrative APM CE UI.
2. The TIM Collector immediately forwards the keys to each enabled TIM without storing them.
3. The TIM Collector encrypts the keys using 128-bit Advanced Encryption Standard (AES) and sends them over an HTTP(S) connection. If SSL is configured for that connection, the keys are encrypted again in transit. The AES encryption key is not stored as a data file; it is hard-coded into the TIM and TIM Collector.
4. Each TIM encrypts the key again using 256-bit AES, with a different key that is hard-coded into the TIM. The encrypted result is stored in the directory /etc/wily/cem/tim/config/webservers with a filename of the form 10.10.10.10-10.10.10.10~80.xml-enc.
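
The following is an added example, not part of the original article or of the product's tooling: an audit of the storage directory named above. Because the AES keys are built into the TIM rather than held in a key file, permissions on the stored files are the control an administrator can verify. The filename pattern is an assumed reading of the article's sample name, and the function name is hypothetical.

```python
#!/usr/bin/env python3
"""Audit the TIM directory that holds the encrypted SSL private keys."""
import os
import re
import stat
import sys

CONFIG_DIR = "/etc/wily/cem/tim/config/webservers"  # path from the article

# Assumption: the sample name 10.10.10.10-10.10.10.10~80.xml-enc means
# <first IPv4>-<last IPv4>~<port>.xml-enc
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
NAME_RE = re.compile(r"^%s-%s~\d{1,5}\.xml-enc$" % (IPV4, IPV4))
PEM_MARKER = b"PRIVATE KEY-----"  # present in any PEM-encoded private key


def audit_keystore(path=CONFIG_DIR):
    """Return sorted (name, finding) tuples; an empty list means no findings."""
    findings = []
    dir_mode = os.stat(path).st_mode
    if dir_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((".", "directory is writable by group or other"))
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        st = os.lstat(full)  # lstat: do not follow symlinks out of the directory
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, "not a regular file"))
            continue
        if not NAME_RE.match(name):
            findings.append((name, "unexpected file name"))
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((name, "accessible to group or other"))
        with open(full, "rb") as fh:
            # An unencrypted key left behind would still carry its PEM header.
            if PEM_MARKER in fh.read(65536):
                findings.append((name, "contains a PEM private key in clear"))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else CONFIG_DIR
    try:
        results = audit_keystore(target)
    except OSError as exc:
        sys.exit("cannot audit %s: %s" % (target, exc))
    for name, finding in results:
        print("%s: %s" % (name, finding))
    sys.exit(1 if results else 0)
```

Run it on the TIM as a user that can read the directory; an exit status of 0 means no findings.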