The following process is used to deliver SSL private keys to each TIM:
- The SSL private keys are uploaded to the TIM Collector using an HTTP/HTTPS connection to the administrative APM CE UI.
- The TIM Collector immediately forwards the keys to each enabled TIM without storing them.
- The TIM Collector encrypts the keys using 128-bit Advanced Encryption Standard (AES) and sends them over an HTTP(S) connection. If SSL is configured for that connection, the keys are encrypted again in transit.
- The AES encryption key is not stored as a data file. It is hard-coded into the TIM and TIM Collector.
- Each TIM encrypts the key again using 256-bit AES, with a different key that is hard-coded into the TIM. The encrypted result is stored in the directory /etc/wily/cem/tim/config/webservers with a filename of the form 10.10.10.10-10.10.10.10~80.xml-enc.
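
Because both AES keys are hard-coded rather than unique to an installation, filesystem access to the stored files is the control an administrator can verify on each TIM. The following audit of that directory is an added example, not part of the product or its documentation; the filename pattern is read off the single example name above, and treating any group/other permission bit as a finding is an assumed policy.

```python
import os, re, stat, sys, tempfile

# Directory and filename form come from the page. Assumptions: the name is
# address-address~port, and any group/other permission bit is a finding
# (an assumed policy, not a documented product requirement).
KEYSTORE = "/etc/wily/cem/tim/config/webservers"
NAME_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,3}(?:\.\d{1,3}){3})~(\d{1,5})\.xml-enc$")
PEM_RE = re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")

def audit_keystore(path=KEYSTORE):
    """Return a list of (entry, finding) tuples for the TIM key directory."""
    findings = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append((".", "directory accessible to group/other"))
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        st = os.lstat(full)
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, "not a regular file"))
            continue
        if not NAME_RE.match(name):
            findings.append((name, "unexpected file name"))
        if stat.S_IMODE(st.st_mode) & 0o077:
            findings.append((name, "file accessible to group/other"))
        with open(full, "rb") as fh:
            if PEM_RE.search(fh.read()):
                findings.append((name, "contains PEM private key header"))
    return findings

def build_sample(root):
    """Constructed sample directory (not real TIM data) for an offline run."""
    samples = {
        "10.10.10.10-10.10.10.10~80.xml-enc": (b"\x8f\x02constructed-ciphertext", 0o600),
        "10.10.10.11-10.10.10.11~443.xml-enc": (b"\x11\x7fconstructed-ciphertext", 0o644),
        "server.key": (b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n", 0o600),
    }
    for name, (data, mode) in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
        os.chmod(os.path.join(root, name), mode)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit_keystore(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            results = audit_keystore(tmp)
    for entry, finding in results:
        print(f"{entry}: {finding}")
```

Run it with the key directory as the only argument on a TIM; with no argument it audits the constructed sample.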