How to enable HTTPS (SSL) in CA Performance Manager (CAPM) using a self-signed certificate

Document ID : KB000032131
Last Modified Date : 14/02/2018
Show Technical Document Details


The following procedure will help you to configure CAPM to use a self-signed certificate to enable SSL communication (HTTPS).



Complete the following steps:

  1. Change the keystore's password for JSSE from changeit to <your_password> 

    $CAPM_HOME/jre/bin/keytool -storepasswd -keystore $CAPM_HOME/jre/lib/security/cacerts 

  2. Remove the default CAPM keystore 

    mv $CAPM_HOME/PerformanceCenter/jetty-7.2.0/etc/keystore $CAPM_HOME/PerformanceCenter/jetty-7.2.0/etc/keystore.bck

  3. Create a self-signed certificate for CAPMs keystore

    $CAPM_HOME/jre/bin/keytool -genkey -keyalg RSA -alias <CAPC_Hostname> -keystore $CAPM_HOME/PerformanceCenter/jetty-7.2.0/etc/keystore -storepass <your_password> -keysize 2048

  4. Import the self-signed certificate to the JSSE keystore

    $CAPM_HOME/jre/bin/keytool -importkeystore -srckeystore $CAPM_HOME/PerformanceCenter/jetty-7.2.0/etc/keystore -destkeystore $CAPM_HOME/jre/lib/security/cacerts -srcstorepass <your_password> -deststorepass <your_password> -srcalias <CAPM_Hostname> -destalias <CAPM_Hostname>

  5. Continue with the SSO HTTPS configuration steps from the CAPM documentation.



  • $CAPM_HOME is the directory where CAPC was installed; default is /opt

  • <your_password> is the password you chose for the self-signed certificate

  • <CAPM_Hostname> is the host name set on the CAPM Server

  • Change on the jetty-ssl.xml file PASSWORD to <your_password>.