How to install a signed organizational cert in WebView APM

Document created by harcr06 Employee on Mar 13, 2017. Last modified by harcr06 Employee on Mar 13, 2017.
Version 2

References

https://wiki.eclipse.org/Jetty/Howto/Configure_SSL

https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores

https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html


Procedure to enable SSL in APM WebView with a signed certificate

This procedure is performed at a command prompt with full Administrator (Windows) or root (Linux/Unix) permissions.

  1. Create a new keystore with a key pair
    1. cd <APM_HOME>/config/internal/server
    2. <APM_HOME>/jre/bin/keytool -genkeypair -alias APM -keyalg RSA -keysize 2048 -keystore <hostname>.keystore
    3. Answer the prompts. The first one is the most important: for "What is your first and last name?" enter the FQDN of the server as the clients will access it (e.g. webview.my.company.com)
  2. Create a certificate request
    1. <APM_HOME>/jre/bin/keytool -certreq -alias APM -keystore <hostname>.keystore -file <hostname>.csr
  3. Submit CSR file to your organization's Certificate Authority (CA) and get signed certificate back
  4. Get your organization's CA chain (can usually download PFX file with all certificates)
    1. Or open signed certificate in Windows and export certificates one at a time (Base64 encoding)
  5. Import CA chain into new keystore
    1. For PFX file
      1. <APM_HOME>/jre/bin/keytool -importkeystore -srckeystore <CA_CHAIN>.pfx -destkeystore <hostname>.keystore
    2. For individual files
      1. Start with the top (root) certificate, and go in order down the chain
      2. <APM_HOME>/jre/bin/keytool -importcert -keystore <hostname>.keystore -file root-cert.pem -alias "Root CA"
  6. Import signed certificate into new keystore
    1. <APM_HOME>/jre/bin/keytool -importcert -keystore <hostname>.keystore -file <hostname>.cer -alias APM
  7. Encrypt keystore and private key password for use in webview jetty config file
    1. cd <APM_HOME>/product/webview/configuration/org.eclipse.osgi/bundles/99/1/.cp
    2. <APM_HOME>/jre/bin/java -cp ./jetty-6.1.25.jar:./jetty-util-6.1.26.jar org.mortbay.jetty.security.Password me <password> (on Windows, use ; instead of : as the classpath separator)
  8. Configure WebView
    1. <APM_HOME>/config/webview-jetty-config.xml
      1. Set values for port, certAlias, keystore, password, keyPassword, truststore, trustPassword
    2. <APM_HOME>/config/IntroscopeWebView.properties
      1. Uncomment introscope.webview.jetty.configurationFile=webview-jetty-config.xml
  9. Restart WebView
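
A check worth running between steps 6 and 9, shown here as an added example that is not part of the original procedure: it reads `keytool -list -v` output and confirms that the APM alias is still a private-key entry, that the CA reply and chain are attached to it, and that the certificate CN is the FQDN entered in step 1. It assumes English keytool output with the `Alias name:`, `Entry type:` and `Certificate chain length:` fields; the function name and the sample listings are constructed for illustration.

```shell
# Added example, not part of the original procedure.
# check_listing ALIAS FQDN: reads `keytool -list -v` output on stdin.
# Returns 0 ok, 1 alias missing, 2 not a PrivateKeyEntry,
# 3 chain shorter than 2 (CA reply not attached to the key), 4 CN mismatch.
check_listing() {
    awk -v want="$1" -v fqdn="$2" '
        { sub(/\r$/, "") }                       # tolerate Windows line ends
        /^Alias name: / {                        # JKS lists aliases in lower case
            hit = (tolower(substr($0, 13)) == tolower(want))
            if (hit) found = 1
            next
        }
        !hit { next }                            # skip entries for other aliases
        /^Entry type: / { type = substr($0, 13) }
        /^Certificate chain length: / { len = $4 + 0 }
        /^Certificate\[1\]:/ { leaf = 1; next }  # first certificate is the server one
        /^Certificate\[/ { leaf = 0 }
        leaf && /^Owner: / && match($0, /CN=[^,]*/) {
            cn = substr($0, RSTART + 3, RLENGTH - 3)
        }
        END {
            if (!found) exit 1
            if (type != "PrivateKeyEntry") exit 2
            if (len < 2) exit 3
            if (tolower(cn) != tolower(fqdn)) exit 4
        }'
}

# Constructed sample listings, trimmed to the fields the check reads.
sample_signed() {
    cat <<'EOF'
Alias name: root ca
Entry type: trustedCertEntry
Alias name: apm
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=webview.my.company.com, OU=IT, O=My Company
Certificate[2]:
Owner: CN=Example Root CA, O=My Company
EOF
}
sample_unsigned() {   # key pair still self-signed
    cat <<'EOF'
Alias name: apm
Entry type: PrivateKeyEntry
Certificate chain length: 1
EOF
}
sample_signed | check_listing APM webview.my.company.com && echo "alias APM: signed chain present"
```

Against the real keystore, pipe `<APM_HOME>/jre/bin/keytool -list -v -keystore <hostname>.keystore` into `check_listing APM <FQDN>`; a return code of 3 means the signed certificate was not imported under the alias that holds the private key.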