To make your CA Wily environment more secure, you can generate a new public and private key for each Collector, place the public keys on the MOM, and update the MOM's Collector properties.
We are using APM 10.0.0.12. We need to replace the out-of-the-box public and private key. Can we use OpenSSL to generate the keys? If it is possible, can you advise the command for generating EM-compatible public and private keys?
Since the EM.public and EM.private keys are used for communication between MOMs/CDV and Collectors, what does the keystore/truststore provide or do for securing communications between MOMs/CDV and Collectors? Rephrasing the question, when do you use the keystore and truststore - can you use it to secure the communications between MOMs/CDV and Collectors?
APM - all environments
1. The keys can be regenerated using this command syntax which is documented under Define and Configure Introscope Domains in the Security section of the APM 10.0 Documentation wiki:
java -classpath product\enterprisemanager\plugins\com.wily.introscope.em.client14_10.0.0.jar;lib\CLWorkstation.jar;product\enterprisemanager\configuration\org.eclipse.osgi\bundles\40\1\.cp\lib\WilyBouncyCastle.jar com.wily.util.encryption.KeyGenerator EM.public EM.private
/jre/bin/java -classpath "product/enterprisemanager/plugins/com.wily.introscope.em.client14_10.1.0.jar:lib/CLWorkstation.jar:product/enterprisemanager/configuration/org.eclipse.osgi/bundles/40/1/.cp/lib/WilyBouncyCastle.jar" com.wily.util.encryption.KeyGenerator EM.public EM.private
NOTES: The above example is for APM 10.0; the class file name and the OSGi bundles directory node will change across versions. The keys are only used for password encryption/decryption, and they need to be generated with the above com.wily.util.encryption.KeyGenerator.
2. Using SSL for cluster communication between the MOM and Collectors is not supported because SSL causes too much overhead for optimum communication performance. So the only things that can be controlled are the EM public/private keys used for the password encryption. The keystore and truststore relate only to APM client-EM SSL communications, i.e. agent/workstation SSL communications with the EM. This is covered in detail in existing Tech Doc TEC1782586.
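Because the jar name and the OSGi bundle directory in the item 1 command change across versions, the wrapper below finds them under the EM home instead of hard-coding them, and writes the keys with owner-only permissions. It is an added example, not CA/Broadcom code: the function names, the JAVA override, the client jar glob and the jre/bin/java location under the EM home are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): locate the versioned jars, then run KeyGenerator.

# Print the KeyGenerator classpath for the EM install at $1; fail if a jar is
# missing or if more than one candidate matches (stale copy from an upgrade).
build_keygen_classpath() {
    em_home=$(cd "$1" 2>/dev/null && pwd) || return 1
    em="$em_home/product/enterprisemanager"
    # Assumed pattern: only the version suffix of the client jar changes.
    client=$(find "$em/plugins" -maxdepth 1 -type f \
        -name 'com.wily.introscope.em.client*_*.jar' 2>/dev/null)
    # The bundle id (bundles/40/1 on the page) differs per install, so search.
    bc=$(find "$em/configuration/org.eclipse.osgi/bundles" -type f \
        -name 'WilyBouncyCastle.jar' 2>/dev/null)
    clw="$em_home/lib/CLWorkstation.jar"
    for jar in "$client" "$clw" "$bc"; do
        # Empty (no match) or multi-line (several matches) both fail -f.
        [ -f "$jar" ] || { echo "missing or ambiguous jar: $jar" >&2; return 1; }
    done
    printf '%s:%s:%s\n' "$client" "$clw" "$bc"
}

# Generate EM.public/EM.private for one Collector into directory $2.
generate_em_keys() {
    classpath=$(build_keygen_classpath "$1") || return 1
    home=$(cd "$1" && pwd) || return 1
    if [ -e "$2/EM.private" ]; then
        echo "refusing to overwrite $2/EM.private" >&2; return 1
    fi
    # Subshell keeps the umask and cd local; 077 creates both files owner-only.
    ( umask 077
      mkdir -p "$2" && cd "$2" || exit 1
      # JAVA is a hypothetical override; default assumes the EM's bundled JRE.
      "${JAVA:-$home/jre/bin/java}" -classpath "$classpath" \
          com.wily.util.encryption.KeyGenerator EM.public EM.private ) || return 1
    chmod 600 "$2/EM.private"
}

# Usage: script.sh <EM_HOME> <output-dir-for-this-collector>
if [ "$#" -eq 2 ]; then generate_em_keys "$1" "$2"; fi
```

Run it once per Collector with a separate output directory, so each Collector gets its own key pair and only the EM.public files are copied to the MOM.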