The information in this document is useful when you create HTTPS communication between a RUM Engine server and an APM/BSM server. Detailed steps for generating and exchanging certificates are described in the RUM Hardening Guide. This document showcases the use of an external tool, KeyStore Explorer, to add trusted self-signed certificates to the RUM Engine as well as APM Gateway servers.

KeyStore Explorer is an open source GUI replacement for the Java command-line utilities keytool and jarsigner. KeyStore Explorer presents their functionality, and more, via an intuitive graphical user interface. This can be used freely under the terms of GNU General Public License version 3. Being a visual tool, KeyStore Explorer enables easy analysis and modifications of TrustStores, thereby simplifying the overall hardening process.

By default, the RUM Engine connects to the APM Gateway server using HTTP connections (and vice versa). This connection can be hardened to use HTTPS. Enabling HTTPS between any client and a server involves the following tasks:

- Getting the server to work with HTTPS connections and, in the process, serve up its public certificate.
- Getting the client to trust the certificate served by the server.

For the first task, refer to the Hardening Guides for APM and RUM:

- Real User Monitor 9.31 Hardening Guide (Chapter 7).

The steps listed below explain how the second task (getting the client to trust the certificate served by the server) can be easily accomplished.

1. Open the supported browser and browse to the server with HTTPS as shown in the examples below.
   (Replace with your server name – BSM/APM Server name)
   (Replace with your server name – Data collectors like RUM)
2. A. Click the Certificate section as shown in the screenshot below.
   Click Browse and enter a meaningful name (e.g., APM_cert) to save the file locally. The export was successful message appears.

Importing the APM/BSM Certificate into the RUM Engine

3. Copy the saved/downloaded certificate (e.g., APM_cert) to the RUM Engine server.
4. Download KeyStore Explorer from the internet (the current version is 5.2.2) and install it on the RUM Engine server.
5. Open KeyStore Explorer which is installed in the RUM Engine server and click Open an existing KeyStore. If you are unable to open KeyStore Explorer by double-clicking, issue the following command in a command prompt under c:\Program Files (x86)\KeyStore Explorer 5.2.2:
6. When you click Open an existing KeyStore, you will be asked to browse to the location of the KeyStore. For RUM, it is in \JRE\lib\security\cacerts.
7. Enter the KeyStore password. For the default KeyStore password, search the APM 9.31 Hardening Guide for the default value of “storepass”.
8. A. When the KeyStore for the cacerts opens, drag and drop the APM_cert to the KeyStore window and click Import.
   B. Keep the Enter Alias field intact and click OK.
9. A. Click OK in the Import screen and make sure that the certificate is imported in the KeyStore.
10. Close the KeyStore Explorer window and restart the RUM Engine services.
11. A. In RUM, click Configuration > APM Configuration Settings. The Application Performance Management Connection Settings page appears.
    B. A pop-up message appears that confirms a successful HTTPS connection between APM/BSM to RUM Engine.

To complete the HTTPS settings, you need to export the certificate from the RUM Engine server and import it to APM/BSM server.

12. Download the RUM Engine certificate as described in Step 1 and Step 2. Browse to the RUM Engine server URL using HTTPS. (Replace ‘hostname’ with RUM Engine Server name)

Importing the RUM Engine Certificate to APM/BSM:

13. Install KeyStore Explorer in the APM/BSM server.
14. In the KeyStore Explorer, open cacerts which is located in the / JRE/lib/security folder and drag and drop the RUM certificate as described in Step 8 and Step 9. You also need to update the RUM certificate for cacerts which is located in the / JRE64/lib/security folder. (cacerts file under both JRE and JRE64 should be updated with RUM certificate)
15. Restart the APM/BSM services in the Gateway server.

The two way communication for the RUM Engine to APM/BSM is in place.

A. Step 11 validates a successful HTTPS connection from the RUM Engine to the BSM/APM server.
B. To validate the connection from BSM/APM to the RUM Engine, on BSM/APM, try to open the RUM Session Analyzer report which is located under Applications > End User Management. The report is displayed if you have populated data. Otherwise you will see a No data message. Either of these outputs indicates that there is successful HTTPS communication between the servers.
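
The import into cacerts described in the steps above can also be done with keytool, the command-line utility that KeyStore Explorer replaces. The script below is an added example, not part of the original guide. It assumes keytool.exe sits in the JRE's bin directory, and every path, the alias, the password and the expected fingerprint are placeholders to be replaced with your own values.

```powershell
# Added example: keytool equivalent of the KeyStore Explorer import on the RUM Engine.
# All paths, the alias, the password and the fingerprint are placeholders.
param(
    [string]$JavaHome       = '<RUM JRE directory>',
    [string]$CertFile       = 'C:\temp\APM_cert.cer',
    [string]$Alias          = 'apm_cert',
    [string]$StorePass      = '<storepass from the Hardening Guide>',
    [string]$ExpectedSha256 = '<SHA-256 fingerprint confirmed with the APM administrator>'
)
$ErrorActionPreference = 'Stop'
$keytool = Join-Path $JavaHome 'bin\keytool.exe'
$cacerts = Join-Path $JavaHome 'lib\security\cacerts'

# A certificate saved from a browser is only as trustworthy as that one connection,
# so compare its SHA-256 fingerprint with a value obtained out of band before trusting it.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertFile
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''
$wanted = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($actual -ne $wanted) { throw "Fingerprint mismatch: file has $actual" }

# Keep a timestamped copy of the trust store so the change can be rolled back.
$backup = "$cacerts.$(Get-Date -Format yyyyMMddHHmmss).bak"
Copy-Item -Path $cacerts -Destination $backup

# Import the certificate as a trusted entry (what the drag and drop does in the GUI).
& $keytool -importcert -noprompt -alias $Alias -file $CertFile `
    -keystore $cacerts -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "keytool -importcert failed with exit code $LASTEXITCODE" }

# Show the stored entry; its fingerprint should match the one checked above.
& $keytool -list -v -alias $Alias -keystore $cacerts -storepass $StorePass
```

On the APM/BSM side, run it once for each of the JRE and JRE64 trust stores with the RUM certificate, then restart the services as the steps describe.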