CA APM WebView and EM Secure configuration password
search cancel

CA APM WebView and EM Secure configuration password

book

Article ID: 439199

calendar_today

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

When HTTPS is enabled on the CA APM WebView, the em-jetty-config.xml file contains the keystore password in clear text. Despite multiple attempts to encrypt it using SHA2Encoder.sh, the password remains unencrypted. While passwords in users.xml are automatically encrypted upon a restart, this behavior is not occurring for em-jetty-config.xml.
 
Company security policy prohibits storing passwords in clear text. Could you please provide guidance on how to properly secure this configuration?

Environment

Release: All APM versions

Component: INTSCP

Resolution

Saving the jetty-config.xml and restarting the EM does not automatically obfuscate the password. This behavior is consistent with the current product design.

Powered by Wolken Software