DX Application Performance Management

How to install a signed organizational cert in WebView APM 

Mar 13, 2017 12:28 PM






Procedure to enable SSL in APM WebView with a signed certificate

This procedure is performed at a command prompt with full Administrator (Windows) or root (Linux/Unix) permissions.

  1. Create a new keystore with a key pair
    1. cd <APM_HOME>/config/internal/server
    2. <APM_HOME>/jre/bin/keytool -genkeypair -alias APM -keyalg RSA -keysize 2048 -keystore <hostname>.keystore
    3. Answer questions, the first one is the most important: "What is your first and last name?" is the FQDN of the server as the clients will access it (eg. webview.my.company.com)
  2. Create a certificate request
    1. <APM_HOME>/jre/bin/keytool -certreq -alias APM -keystore <hostname>.keystore -file <hostname>.csr
  3. Submit CSR file to your organization's Certificate Authority (CA) and get signed certificate back
  4. Get your organization's CA chain (can usually download PFX file with all certificates)
    1. Or open signed certificate in Windows and export certificates one at a time (Base64 encoding)
  5. Import CA chain into new keystore
    1. For PFX file
      1. <APM_HOME>/jre/bin/keytool -importkeystore -srckeystore <CA_CHAIN>.pfx -destkeystore <hostname>.keystore
    2. For individual files
      1. Start with the top (root) certificate, and go in order down the chain
      2. <APM_HOME>/jre/bin/keytool -importcert -keystore <hostname>.keystore -file root-cert.pem -alias "Root CA"
  6. Import signed certificate into new keystore
    1. <APM_HOME>/jre/bin/keytool -importcert -keystore <hostname>.keystore -file <hostname>.cer -alias APM
  7. Encrypt keystore and private key password for use in webview jetty config file
    1. cd <APM_HOME>/product/webview/configuration/org.eclipse.osgi/bundles/99/1/.cp
    2. <APM_HOME>/jre/bin/java -cp ./jetty-6.1.25.jar:./jetty-util-6.1.26.jar org.mortbay.jetty.security.Password me <password>
  8. Configure WebView
    1. <APM_HOME>/config/webview-jetty-config.xml
      1. Set values for port, certAlias, keystore, password, keyPassword, trustore, trustPassword
    2. <APM_HOME>/config/IntroscopeWebView.properties
      1. Uncomment introscope.webview.jetty.configurationFile=webview-jetty-config.xml
  9. Restart WebView

0 Favorited
0 Files

Related Entries and Links

No Related Resource entered.