CA Performance Manager SSL password configuration

Document ID : KB000013530
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

There are a few passwords set when creating and configuring SSL certificates in CA Performance Managers CA Performance Center server. These passwords are set in jetty configuration files in various variables. The variable labels are not exact matches for the fields the passwords are set in which can lead to confusion.

Question:

Which passwords get set in the jetty ssl.ini config files when setting up SSL in CA Performance Managers CA Performance Center web server? 

Note that this also applies to releases r2.7 and earlier where the files used were called jetty-ssl.xml instead of the current ssl.ini file names.

Environment:
r2.8 and newer releases: ssl.ini filer2.7 and earler releases: jetty-ssl.xml file
Answer:

Focusing on the files in the r2.8 and newer releases, the files with password fields that require edits are as follows. Note default installation home locations are used here. Replace with your custom home path as needed.

 

/opt/CA/PerformanceCenter/PC/start.d/ssl.ini: 

jetty.sslContext.keyStorePassword=***PASSWORD*** 

jetty.sslContext.keyManagerPassword=***PASSWORD*** 

jetty.sslContext.trustStorePassword=***PASSWORD*** 

 

/opt/CA/PerformanceCenter/sso/start.d/ssl.ini 

jetty.sslContext.keyStorePassword=***PASSWORD*** 

jetty.sslContext.keyManagerPassword=***PASSWORD*** 

jetty.sslContext.trustStorePassword=***PASSWORD*** 

 

The correct passwords to utilize for each variable are:

A: For this entry:

jetty.sslContext.keyManagerPassword=***PASSWORD*** 

This is what is normally set/used for the value to "-keypass" when first generating the initial self signed certificate with the "keytool -genkeypair" command. 

 

B: For both of these:

jetty.sslContext.keyStorePassword=***PASSWORD*** 

jetty.sslContext.trustStorePassword=***PASSWORD***

This is what is normally set/used for the value to "-storepass" when first generating the initial self signed certificate with the "keytool -genkeypair" command. These are normally the same password.