DX Application Performance Management

  • Private Community
Back to Library

How to install a signed organizational cert in WebView APM 

Mar 13, 2017 12:28 PM

References

https://wiki.eclipse.org/Jetty/Howto/Configure_SSL

https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores

https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

 

Procedure to enable SSL in APM WebView with a signed certificate

This procedure is performed at a command prompt with full Administrator (Windows) or root (Linux/Unix) permissions.

  1. Create a new keystore with a key pair
    1. cd <APM_HOME>/config/internal/server
    2. <APM_HOME>/jre/bin/keytool -genkeypair -alias APM -keyalg RSA -keysize 2048 -keystore <hostname>.keystore
    3. Answer questions, the first one is the most important: "What is your first and last name?" is the FQDN of the server as the clients will access it (eg. webview.my.company.com)
  2. Create a certificate request
    1. <APM_HOME>/jre/bin/keytool -certreq -alias APM -keystore <hostname>.keystore -file <hostname>.csr
  3. Submit CSR file to your organization's Certificate Authority (CA) and get signed certificate back
  4. Get your organization's CA chain (can usually download PFX file with all certificates)
    1. Or open signed certificate in Windows and export certificates one at a time (Base64 encoding)
  5. Import CA chain into new keystore
    1. For PFX file
      1. <APM_HOME>/jre/bin/keytool -importkeystore -srckeystore <CA_CHAIN>.pfx -destkeystore <hostname>.keystore
    2. For individual files
      1. Start with the top (root) certificate, and go in order down the chain
      2. <APM_HOME>/jre/bin/keytool -importcert -keystore <hostname>.keystore -file root-cert.pem -alias "Root CA"
  6. Import signed certificate into new keystore
    1. <APM_HOME>/jre/bin/keytool -importcert -keystore <hostname>.keystore -file <hostname>.cer -alias APM
  7. Encrypt keystore and private key password for use in webview jetty config file
    1. cd <APM_HOME>/product/webview/configuration/org.eclipse.osgi/bundles/99/1/.cp
    2. <APM_HOME>/jre/bin/java -cp ./jetty-6.1.25.jar:./jetty-util-6.1.26.jar org.mortbay.jetty.security.Password me <password>
  8. Configure WebView
    1. <APM_HOME>/config/webview-jetty-config.xml
      1. Set values for port, certAlias, keystore, password, keyPassword, trustore, trustPassword
    2. <APM_HOME>/config/IntroscopeWebView.properties
      1. Uncomment introscope.webview.jetty.configurationFile=webview-jetty-config.xml
  9. Restart WebView

Statistics
0 Favorited
18 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.