In CA APM 10.x what feature does new EM/WebView Jetty web server config SSL property "certAlias" provide and how can the keystore be updated with own Private Key/Certificate pair for that alias value.


Article ID: 36154


Updated On:


APP PERF MANAGEMENT CA Application Performance Management Agent (APM / Wily / Introscope) CUSTOMER EXPERIENCE MANAGER INTROSCOPE


In CA APM 10.x what is the significance of the new SSL connector property "certAlias" in the Jetty web server config file for the EM Web Server (em-jetty-config.xml) i.e. 
<Set name="certAlias">wily</Set>   (10.0-> 10.5)
<Set name="certAlias">caapm</Set>  (10.7)


APM 10.x


Pre-APM 10.0 only the fixed name of 'wily' was supported for the Private Key alias stored in the EM_HOME/config/internal/server/keystore file so this a new property which enables the user to use their own alias when loading their Private Key.

The default EM_HOME/config/internal/server/keystore file provided with the EM install contains a Private Key with the default alias of 'wily' (versions 10.0-> 10.5)  or 'caapm' (version 10.7). So the user has 2 choices:


  • Delete the 'wily' or 'caapm' alias from the keystore file.
  • Load own Private Key/Certificate pair into the keystore with the same 'wily' or 'caapm' alias.
  • Leave the Jetty web server config file unchanged


  • Load own Private Key/Certificate pair into the keystore with new alias 'myalias'
  • Edit the Jetty web server config file to have:  <Set name="certAlias">myalias</Set>


    Additional Information


    Some useful commands:

    • The following example commands are assumed to be run from directory EM_HOME/config/internal/server
    • For the default keystore provided with the EM install the password is "password"
    • The keytool executable is found in the Java Runtime Environment directory e.g. EM_HOME/jre/bin.
    • For further information on keytool options & parameters see Oracle Java documentation e.g.
    • keytool can be used to create a new keystore with new Private Key/Certificate pair using the genkeypair option - see:
    • To import own Private Key/Certificate pair the ImportPrivateKey utility should be used - see:

    List contents of keystore into a file (verbose output): keytool -list -v -keystore keystore -storepass password > list_keystore.out

    Delete alias 'wily' from keystore: keytool -delete -alias wily -keystore keystore -storepass password
    Delete alias 'caapm' from keystore: keytool -delete -alias caapm -keystore keystore -storepass password