When trying to import a security certificate into APM Command Center, it is shown as invalid in the Command Center browser interface. The same certificate works for APM's Enterprise Manager webview on the same server.
APM Command Center 10.x
The used keystore contains multiple keypairs that can be used to configure Jetty - each having its own alias. If no alias is explicitly set, the keymanager will pick the first alias that matches some internal criteria. The order which the keys are stored in the keystore is not always preserved.
To fix this, the alias of the desired keypair must be identified, and added to the ACC config file. This can be found by using a tool such as keystore-explorer, or examining the contents of a keystore with the command:
keytool -list -v -keystore /folder_where_keystore_is_located/name_of_keystore.keystore
This will output the contents of the keystore - look for the proper entry and note the value of "Alias name"
For example - here is the top section of a default APM keystore when using that command with the default.keystore that ships with the EM:
Alias name: wily
Creation date: Feb 28, 2008
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=www.wilytech.com, OU=Wily Technology, O=CA, L=San Fransisco, ST=CA, C=US
Issuer: CN=www.wilytech.com, OU=Wily Technology, O=CA, L=San Fransisco, ST=CA, C=US
Valid from: Thu Feb 28 17:07:53 EST 2008 until: Sun Jul 15 18:07:53 EDT 2035
In this example (above) the alias name would be wily.
After identifying the proper alias, add the following entry to the ACC config file apmccsrv.properties and restart the ACC Server:
javax.net.ssl.alias=<alias of keypair>