Open topic with navigation

Configure SSL

If you want to use SSL for connections from APM Connect, this step is required.

About This Task

If you want to use SSL when moving data through the system, you must import security certificates from the secured application into a truststore file accessible to APM Connect. This procedure describes the process for a single application. You can import multiple certificates into a single truststore file by repeating this procedure for each application requiring SSL.

IMPORTANT: When copying the certificates, make sure that you only log in to the application requiring SSL access to APM Connect.

Note: If you want to use SSL with GE Digital APM web services, contact GE Global Support.

Steps

1. Log in to your application, and then access the certificate information for your browser.

   Note: Typically, you can access certificate information by selecting the lock icon in the address bar.

   The Certificate window appears.

2. Select Details, and then select Copy to File....

   The Certificate Export Wizard window appears.

   

3. Select Next.

4. In the Export File Format window, select DER encoded binary X.509 (.cer), and then select Next.

5. In the File to Export window, select Browse….

   The Save As window appears.

6. Save the file to your Desktop under the name certificate.cer.

7. Select Next.

8. Select Finish.

   The Certificate Export Wizard window appears.

   

9. Select OK.

10. Copy the certificate.cer file, and then paste it into the location for Java files on your machine.

    Tip: For example, if your Java files are located at C:\Program Files\Java\jre7\bin, you will want to copy the certificate.cer file to that bin folder.

11. On the APM Connect server, access the Command Prompt window as an Administrator, and then navigate to the location of the Java files on your machine.

12. Enter keytool.

    Commands for the Key and Certificate Management Tool appear in the Command Prompt.

13. In the last line line, C:\Program Files\Java\jre7\bin>, enter keytool –importcert –alias test –file certificate.cer –keystore publickey.store.

14. Enter a password, and confirm the password by reentering it.

    In the Command Prompt window, you are asked if you want to trust the certificate.

15. For yes, enter y.

    The keystore file is created.

16. For the Karaf service, navigate to the location of the Karaf JDK, and then repeat steps 12 through 15 using the path and password for the Karaf service JDK.

    • For the value of the keystore argument, use the file path of the Karaf JDK, (for example, C:\Program Files\Java\<JDK version>\jre\lib\security\cacerts).

    • The default password for keytool is changeit. Enter your unique value.

17. Access the context file, and then enter the following values for the corresponding parameters:

    • TRUSTSTORE_FILE: The location of the truststore file.

    • TRUSTSTORE_PASSWORD: The password you entered in the Command Prompt window when you installed the certificate.
    • USE_SSL: true.

    • APM_API_USE_SSL: true, if you are using SSL on the GE Digital APM Server.

    SSL is now enabled for the applications for which you imported the certificates.

What's Next?

• Refer back to the first-time deployment workflow.

• Deploy Modules and Features
• GE Digital APM Installation and Upgrade

Copyright © 2018 General Electric Company. All rights reserved.