In CA APM 10.x what is the significance of the new SSL connector property "certAlias" in the Jetty web server config file for the EM Web Server (em-jetty-config.xml) i.e. 
<Set name="certAlias">wily</Set>   (10.0-> 10.5)
<Set name="certAlias">caapm</Set>  (10.7)

Pre-APM 10.0 only the fixed name of 'wily' was supported for the Private Key alias stored in the EM_HOME/config/internal/server/keystore file so this a new property which enables the user to use their own alias when loading their Private Key.

The default EM_HOME/config/internal/server/keystore file provided with the EM install contains a Private Key with the default alias of 'wily' (versions 10.0-> 10.5)  or 'caapm' (version 10.7). So the user has 2 choices:

EITHER:

• Delete the 'wily' or 'caapm' alias from the keystore file.
• Load own Private Key/Certificate pair into the keystore with the same 'wily' or 'caapm' alias.
• Leave the Jetty web server config file unchanged

OR:

• Load own Private Key/Certificate pair into the keystore with new alias 'myalias'
• Edit the Jetty web server config file to have:  <Set name="certAlias">myalias</Set>

NOTES:

• It is not required to use the default keystore file and a completely new keystore can be created if desired.
• The WebView web server also supports "certAlias" although the OOTB version of the 10.0 and 10.1 webview-jetty-config.xml file does not have it (fixed in 10.2+). For details please see: https://comm.support.ca.com/kb/The-APM-10x-emjettyconfigxml-file-has-a-new-certAlias-property-but-it-is-missing-from-the-webviewjettyconfigxml-file/KB000036085
• It is only supported to have 1 "certAlias" property in either jetty web server config file. Multiple entries for that property will not cause an error on startup but only the value from the last "certAlias" property entry will be used.

Some useful commands:

• The following example commands are assumed to be run from directory EM_HOME/config/internal/server
• For the default keystore provided with the EM install the password is "password"
• The keytool executable is found in the Java Runtime Environment directory e.g. EM_HOME/jre/bin.
• For further information on keytool options & parameters see Oracle Java documentation e.g.
  • JDK Tools and Utilities - Security Tools
• keytool can be used to create a new keystore with new Private Key/Certificate pair using the genkeypair option - see:
  • keytool - genkeypair 
  • Creating a Keystore Using Keytool 
• To import own Private Key/Certificate pair the ImportPrivateKey utility should be used - see:
  • Creating a Keystore Using ImportPrivateKey

List contents of keystore into a file (verbose output): keytool -list -v -keystore keystore -storepass password > list_keystore.out

Delete alias 'wily' from keystore: keytool -delete -alias wily -keystore keystore -storepass password
Delete alias 'caapm' from keystore: keytool -delete -alias caapm -keystore keystore -storepass password