
How APM CE (CEM) SSL private keys are protected on the TIM and TIM Collector


Article ID: 19330


Updated On:


CA Application Performance Management Agent (APM / Wily / Introscope) INTROSCOPE


SSL private keys are handled by the following process:

  1. The SSL private keys are uploaded to the TIM Collector over an HTTP/HTTPS connection to the administrative APM CE UI.
  2. The TIM Collector immediately forwards the keys to each enabled TIM without storing them.
  3. The TIM Collector encrypts the keys using 128-bit Advanced Encryption Standard (AES) and sends them over an HTTP(S) connection; if SSL is configured for that connection, the keys are encrypted again in transit.
  4. The AES encryption key is not stored as a data file. It is hard-coded into the TIM and TIM Collector.
  5. Each TIM encrypts the key again using 256-bit AES, with a different key that is hard-coded into the TIM. The encrypted result is stored in the directory /etc/wily/cem/tim/config/webservers with a filename of the form


Component: APMCM
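
Because the AES keys in steps 4 and 5 are hard-coded in the product rather than unique to an installation, the filesystem permissions on the stored key files are worth auditing. The following is an added example, not vendor code: a shell function that flags entries under the directory named in step 5 that are accessible to group or others, not owned by the expected account, or symlinks. The function name, the default owner `root`, and the use of GNU `find` (`-perm /077`) are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): audit the TIM key store from step 5.
# Assumptions: GNU find is available; the expected owner defaults to root.

KEY_DIR_DEFAULT=/etc/wily/cem/tim/config/webservers

# audit_key_dir [DIR] [OWNER]
# Prints one finding per line as "<reason> <path>".
# Returns 0 when clean, 1 when there are findings, 2 when DIR is missing.
audit_key_dir() {
    dir=${1:-$KEY_DIR_DEFAULT}
    owner=${2:-root}   # user name or numeric uid

    if [ ! -d "$dir" ]; then
        echo "missing $dir"
        return 2
    fi

    findings=$(
        # Any group/other permission bit set on the directory or its contents.
        find "$dir" ! -type l -perm /077 -exec printf 'loose-perms %s\n' {} \;
        # Anything not owned by the expected account.
        find "$dir" ! -user "$owner" -exec printf 'wrong-owner %s\n' {} \;
        # Symlinks could redirect reads or writes outside the directory.
        find "$dir" -type l -exec printf 'symlink %s\n' {} \;
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

On a TIM host, run `audit_key_dir` with no arguments as root and treat any output as a finding to review.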