DX Application Performance Management


SSL APM

  • 1.  SSL APM

    Posted 11-07-2017 03:27 PM

    Hi team,

     

    Currently I am activating HTTPS in APM 10.5.2, but I am not very clear about the procedure indicated in the documentation. So far I have done the following:

     

    In file introscope.webview.properties:

     

    - introscope.webview.enterprisemanager.tcp.host=apmsrv.com
    - introscope.webview.enterprisemanager.tcp.port=8444
    - introscope.webview.enterprisemanager.webserver.tcp.port=8081

    - introscope.webview.enterprisemanager.rest.base=https://apmsrv.com:8080/apm/appmap.

     

    In file em-jetty-config.xml:

     

    <Arg>
      <New class="com.wily.webserver.TrustingSslSocketConnector">
        <Set name="validateCertificates">true</Set>
        <Set name="HeaderBufferSize">8192</Set>
        <Set name="RequestBufferSize">16384</Set>
        <Set name="verifyHostnames">true</Set>
        <Set name="port">8444</Set>
        <Set name="certAlias">wily</Set>
        <Set name="keystore"><SystemProperty name="introscope.config" default="./config" />/internal/server/keystore</Set>
        <Set name="password">password</Set>
        <Set name="keyPassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
        <Set name="truststore"><SystemProperty name="introscope.config" default="./config" />/internal/server/keystore</Set>
        <Set name="trustPassword">password</Set>
        <Set name="needClientAuth">true</Set>

        <Set name="cipherSuites">
          <Array type="java.lang.String">
            <Item>SSL_DH_anon_WITH_RC4_128_MD5</Item>
          </Array>
        </Set>

     

    But when I try to access the webview portal, I get a page error.

     

    First I want to activate HTTPS in unsafe mode, then apply the keys.

    Thanks,
    Richard


  • 2.  Re: SSL APM

    Posted 11-07-2017 03:40 PM

    Hi Team,

     

    Have any APM administrators/partners attempted this?  If so, what were your findings?

     

    Thanks,
    Matt



  • 3.  Re: SSL APM

    Posted 11-07-2017 09:29 PM
    Thank you very much, I am aware of any suggestions.

    Regards,

    Richard



  • 4.  Re: SSL APM
    Best Answer

    Posted 11-08-2017 08:09 AM

    Dear Richard:

    I will attempt to get a response internally. If you do not hear back by the time you read this, please consider opening a case. If you open a case, please post the resolution to help others.

     

    All Others:

    Can you point Richard to some clear next steps? Thanks in advance.



  • 5.  Re: SSL APM

    Posted 11-09-2017 01:21 PM

    Take a look at my blog: CA APM - updating Jetty with your own keystore password 

    Consider what the wiki outlines for enabling EM SSL: Configure Enterprise Manager Communications - CA Application Performance Management - 10.5 - CA Technologies Documentati… 

    Consider what the wiki outlines for enabling WV SSL: IntroscopeWebView.properties - CA Application Performance Management - 10.5 - CA Technologies Documentation 

     

    Oracle makes mention of placing all of our trusted root certs into the default truststore <jre_home>/lib/security/cacerts, or create your own truststore: Generating a KeyStore and TrustStore (Configuring Java CAPS for SSL Support) 



  • 6.  Re: SSL APM

    Posted 11-13-2017 09:12 AM

    Hi team,

     

    CA support helped me, so I am sharing the procedure to activate the HTTPS protocol in
    CA APM; the next step is to apply the signed certificate:

    Using security port 443 and 444

    1) Set HTTPS for MOM
    a) Stop MOM and WebView services
    b) Go to <APM root directory>\config
    c) Edit IntroscopeEnterpriseManager.properties file and change the following parameters:
    introscope.apmserver.ui.command.center.url=https:// <MOM Server Hostname>:443/#/home
    Uncomment (Remove the #) of:
    introscope.enterprisemanager.webserver.jetty.configurationFile=em-jetty-config.xml
    Save
    d) Edit em-jetty-config.xml file
    Find the first addConnector section (<Call name="addConnector">)
    Change the port from 8444 to 444
    From
    <Set name="port">8444</Set>
    To
    <Set name="port">444</Set>
    Go to the second addConnector section (<Call name="addConnector">)
    This second section is commented out, so remove the characters “<!--” before “<Call Name...” and the characters “-->” after </Call>
    This section should look like this:
    <!-- that doesn't throw NPE on EM shutdown -->
    <Call name="addConnector">
      <Arg>
        <New class="com.wily.webserver.NoNPESocketConnector">
          <Set name="port">8081</Set>
          <Set name="HeaderBufferSize">8192</Set>
          <Set name="RequestBufferSize">16384</Set>
          <Set name="ThreadPool">
            <New class="org.mortbay.thread.BoundedThreadPool">
              <Set name="minThreads">10</Set>
              <Set name="maxThreads">100</Set>
              <Set name="maxIdleTimeMs">60000</Set>
            </New>
          </Set>
        </New>
      </Arg>
    </Call>
    </Configure>
    Save

    2) Set HTTPS for TEAMCENTER (WEBVIEW)
    a) Edit the IntroscopeWebView.properties file
    Uncomment (Remove the #) of:
    introscope.webview.jetty.configurationFile=webview-jetty-config.xml
    Change the introscope.webview.tcp.port from 8080 to 443
    introscope.webview.tcp.port=443
    Save
    b) Edit webview-jetty-config.xml file
    Find the first addConnector section (<Call name="addConnector">)
    Change the port from 8443 to 443
    From
    <Set name="port">8443</Set>
    To
    <Set name="port">443</Set>
    Go to the second addConnector section (<Call name="addConnector">)
    This second section is commented out, so remove the characters “<!--” before “<Call Name...” and the characters “-->” after </Call>
    This section should look like this:
    <!-- that doesn't throw NPE on EM shutdown -->
    <Call name="addConnector">
      <Arg>
        <New class="com.wily.webserver.NoNPESocketConnector">
          <Set name="port">8080</Set>
          <Set name="HeaderBufferSize">8192</Set>
          <Set name="RequestBufferSize">16384</Set>
          <Set name="ThreadPool">
            <New class="org.mortbay.thread.BoundedThreadPool">
              <Set name="minThreads">10</Set>
              <Set name="maxThreads">100</Set>
              <Set name="maxIdleTimeMs">60000</Set>
            </New>
          </Set>
        </New>
      </Arg>
    </Call>
    </Configure>
    Save

    3) Start MOM and WebView services

    4) Open Web Explorer and access:
    CEM and Workstation
    https:// <MOM Server Hostname>:444
    CEM
    https:// <MOM Server Hostname>:444/wily
    Workstation
    https:// <MOM Server Hostname>:444/workstation
    WebView
    https:// <MOM Server Hostname>:443
    TeamCenter
    https:// <MOM Server Hostname>:443/ApmServer

    Regards,

    Richard
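
An added example, not part of Richard's post or of CA's documentation: a Python check over a Jetty XML file shaped like the em-jetty-config.xml and webview-jetty-config.xml fragments in this thread. It lists the active listeners that are plaintext, that use the literal keystore password "password", or that offer an anonymous, RC4 or MD5 cipher suite. The sample XML is constructed, and treating a connector class with "Ssl" in its name as the TLS connector is an assumption drawn from the class names shown above.

```python
import xml.etree.ElementTree as ET

WEAK_TOKENS = ("_anon_", "RC4", "MD5", "NULL", "EXPORT")

# Constructed sample modelled on the em-jetty-config.xml fragments in this thread.
SAMPLE = """<Configure>
  <Call name="addConnector"><Arg>
    <New class="com.wily.webserver.TrustingSslSocketConnector">
      <Set name="port">444</Set>
      <Set name="password">password</Set>
      <Set name="cipherSuites"><Array type="java.lang.String">
        <Item>SSL_DH_anon_WITH_RC4_128_MD5</Item>
      </Array></Set>
    </New>
  </Arg></Call>
  <!-- <Call name="addConnector"><Arg><New class="x.Disabled"><Set name="port">9</Set></New></Arg></Call> -->
  <Call name="addConnector"><Arg>
    <New class="com.wily.webserver.NoNPESocketConnector">
      <Set name="port">8081</Set>
    </New>
  </Arg></Call>
</Configure>"""


def audit_connectors(xml_text):
    """Return (port, finding) tuples for the active addConnector entries."""
    findings = []
    root = ET.fromstring(xml_text)  # XML comments are dropped, so disabled connectors are skipped
    for new in root.findall("./Call[@name='addConnector']/Arg/New"):
        sets = {s.get("name"): s for s in new.findall("Set")}
        port = (sets["port"].text or "").strip() if "port" in sets else "?"
        # Assumption: TLS connector classes carry "Ssl" in their name, as on this page.
        if "Ssl" not in new.get("class", ""):
            findings.append((port, "plaintext HTTP listener"))
            continue
        for key in ("password", "keyPassword", "trustPassword"):
            if key in sets and (sets[key].text or "").strip() == "password":
                findings.append((port, f"{key} is the literal 'password'"))
        for item in new.findall("./Set[@name='cipherSuites']/Array/Item"):
            suite = (item.text or "").strip()
            hits = [t.strip("_") for t in WEAK_TOKENS if t in suite]
            if hits:
                findings.append((port, f"weak cipher suite {suite} ({', '.join(hits)})"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE):
        print(f"port {port}: {finding}")
```

Run it against both Jetty files after the edits in steps 1 and 2: the second addConnector section that those steps uncomment shows up as a plaintext listener next to the HTTPS one.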



  • 7.  Re: SSL APM

    Posted 11-13-2017 10:52 AM

    Thanks Richard for sharing the resolution. I know others are appreciative that you did so!