This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
TrueSight App Visibility Manager Server
App Visibility Proxy
App Visibility Proxy - All versions
When to use a different or custom security certificate (e.g. CA certificate) on the App Visibility Proxy component? And how to implement the custom security certificate on the App Visibility Proxy?
So a CA certificate is required on the App Visibility Proxy when one of the following items apply:
Item 1) When the App Visibility Manager components are required to communicate with each other on a secure connection
For Item 1 mentioned above, see the following link for more information about implementing the CA certificate on the App Visibility Manager components:
If the customer wants to use their own certificate to communicate between the different App Visibility components then they would need to obtain a certificate and import them into those BMC components. See the link below for the steps on changing the security certificate on all of the App Visibility Manager components:
The App Visibility Proxy must have a certificate installed for this host name, which will be trusted by end-user browsers.
•For internal applications, you can use a certificate signed by a local signing authority (with the root preinstalled on employee browsers).
•For external applications, you must provide a signed certificate.
See the link below for basic deployment options for TrueSight Operations Management (TSOM) components:
So the App Visibility Proxy uses SSL-encrypted beacons and injection requests and therefore must have a keystore with a certificate that is trusted by end-users’ browsers.
However if the web pages are HTTPS then the steps are:
Step 1) Customer would need to obtain a certificate approved by a recognized Certificate Authority (CA) or it could be a non-CA certificate (if preferred)
Step 2) Import the certificate into the App Visibility Proxy so the App Visibility Proxy trusts the user’s web browser and vice versa. If the certificate is signed and obtained from a CA then the end user web browser automatically trust it. If the certificate is self-signed (not from a CA) then the end user web browser will need to manually trust that certificate and site.
To perform Step 2 above, there are two options:
Option 1) Can import the keystore during the App Visibility Proxy installation. See the link below for more information:
Option 2) Can import the keystore after the App Visibility Proxy installation. See the link below for steps to import a keystore file on the App Visibility Proxy version 10.5.xx:
If importing the keystore file on App Visibility Proxy version 11.3.xx then see the following link: