DX Application Performance Management

  • Private Community
 View Only
Back to Library

How to install a signed organizational cert in WebView APM 

Mar 13, 2017 12:28 PM

References

https://wiki.eclipse.org/Jetty/Howto/Configure_SSL

https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores

https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

 

Procedure to enable SSL in APM WebView with a signed certificate

This procedure is performed at a command prompt with full Administrator (Windows) or root (Linux/Unix) permissions.

  1. Create a new keystore with a key pair
    1. cd <APM_HOME>/config/internal/server
    2. <APM_HOME>/jre/bin/keytool -genkeypair -alias APM -keyalg RSA -keysize 2048 -keystore <hostname>.keystore
    3. Answer questions, the first one is the most important: "What is your first and last name?" is the FQDN of the server as the clients will access it (eg. webview.my.company.com)
  2. Create a certificate request
    1. <APM_HOME>/jre/bin/keytool -certreq -alias APM -keystore <hostname>.keystore -file <hostname>.csr
  3. Submit CSR file to your organization's Certificate Authority (CA) and get signed certificate back
  4. Get your organization's CA chain (can usually download PFX file with all certificates)
    1. Or open signed certificate in Windows and export certificates one at a time (Base64 encoding)
  5. Import CA chain into new keystore
    1. For PFX file
      1. <APM_HOME>/jre/bin/keytool -importkeystore -srckeystore <CA_CHAIN>.pfx -destkeystore <hostname>.keystore
    2. For individual files
      1. Start with the top (root) certificate, and go in order down the chain
      2. <APM_HOME>/jre/bin/keytool -importcert -keystore <hostname>.keystore -file root-cert.pem -alias "Root CA"
  6. Import signed certificate into new keystore
    1. <APM_HOME>/jre/bin/keytool -importcert -keystore <hostname>.keystore -file <hostname>.cer -alias APM
  7. Encrypt keystore and private key password for use in webview jetty config file
    1. cd <APM_HOME>/product/webview/configuration/org.eclipse.osgi/bundles/99/1/.cp
    2. <APM_HOME>/jre/bin/java -cp ./jetty-6.1.25.jar:./jetty-util-6.1.26.jar org.mortbay.jetty.security.Password me <password>
  8. Configure WebView
    1. <APM_HOME>/config/webview-jetty-config.xml
      1. Set values for port, certAlias, keystore, password, keyPassword, trustore, trustPassword
    2. <APM_HOME>/config/IntroscopeWebView.properties
      1. Uncomment introscope.webview.jetty.configurationFile=webview-jetty-config.xml
  9. Restart WebView

Statistics
0 Favorited
19 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Hallett German
Oct 04, 2019 07:49 AM

#harcr06 New for later versions of APM 10.7  that have jetty 9.4.x

Here are the updated steps. 
Locate the following Jars 
jetty-http-9.4.11.v20180605.jar
jetty-util-9.4.11.v20180605.jar
- should be in the following directory
[Install Dir Home]\product\webview\plugins\org.mortbay.jetty_9.4.11-1
Run the below from that directory: 
java -cp ./jetty-util-9.4.11.v20180605.jar:./jetty-http-9.4.11.v20180605.jar org.eclipse.jetty.util.security.Password
Notice the package name change  - > older - org.mortbay.jetty.security.Password 
​​

Hallett German
Jul 31, 2018 03:29 PM

harcr06

Step 7b has a copy and paste error look at the original doc you linked above

https://wiki.eclipse.org/Jetty/Howto/Secure_Passwords 

 

For example, to generate a secured version of the password blah for the user me, enter: 

 

 

> java -cp lib/jetty-http-***.jar:lib/jetty-util-***.jar org.mortbay.jetty.security.Password me blah 

 

blah 

 

OBF:20771x1b206z 

 

MD5:639bae9ac6b3e1a84cebb7b403297b79 

 

CRYPT:me/ks90E221EY 

 

 

 

In this example, only the usernames are in quotes 

 

https://comm.support.ca.com/kb/_How-to-obfuscate-the-jetty-password-for-emjettyconfigxml-and-webviewjettyconfigxml/KB000041759 

 

Java -classpath jetty-***.jar;jetty-util-***.jar org.mortbay.jetty.security.Password `KeystorePassword' password 

Hallett German
Mar 15, 2017 08:18 AM

This is a popular topic. Thanks Craig for a good knowledge contribution! 

Related Entries and Links

No Related Resource entered.