Instana


How to configure the APMv8 WRT agent to monitor network traffic of Microsoft IIS

By Kirk Bixler posted Wed August 22, 2018 12:00 AM

  

The following section can be found in the APM 8.1.4 documentation when available.
Importing keys from Internet Information Services

To extract keys from Internet Information Services and import them into the KT5Keystore, complete the following steps:

1. Install a Response Time Monitoring agent on each HTTPS web server that you want to monitor.

2. Export a .pfx file from Internet Information Services:
a. From the Windows Start menu, select Administrative Tools > Internet Information Services (IIS) Manager.
b. Select the web server and site whose private key you want to export, then right-click and select Properties from the context menu.
c. Select the Directory Security tab, then select Server Certificate in the Secure communications section.
d. In the IIS Certificate Wizard, click Next.
e. Select Export the current certificate to a .pfx file and click Next.
f. Enter the path and file name and click Next.
g. Enter an export password for the key and click Next.
h. Click Next on all subsequent pages, then click Finish.

3. Extract Personal and Signer Certificates from the .pfx file:
a. Run IBM Key Management (iKeyman) from within the IBM Java bin directory using the command c:\IBM\APM\java\java80_x64\jre\bin\ikeyman. Ensure that the environment variable JAVA_HOME is set.
b. In the Keystore database, select File > Open.
c. From the Key database type list, select PKCS12.
d. Enter the name and path for the .pfx file you created above, then click OK. When prompted, enter the password, then click OK.
e. Select Key Database Content > Personal Certificates, then click Export/Import.
f. Select an Action Type of Export Key and a Key File Type of PKCS12. Enter a file name and location for the exported key and click OK. When prompted, enter an export password, then click OK again.
g. If the Personal Certificate was signed by a Certificate Authority, select Key Database Content > Signer Certificates and click Extract. Select the default file type, and enter a file name and location for the exported certificate, then click OK.

4. Extract Signer .cer files (if needed):
a. If a Signer Certificates file was extracted from the .pfx file, navigate to the directory where it was saved, and make a new copy with the extension .cer. Double-click the new copy to open it using the Windows Certificate viewer.
b. On the Certification Path tab, you can view the signer certificate chain. The lowest item in the chain should be the Personal Certificate. For all certificates above it, do the following:
1) Select a certificate and click View Certificate.
2) Select Details and click Copy to File.
3) Accept all defaults in the Certificate Export Wizard and enter a filename with the .cer extension.

5. Create a new Keystore database. In the New dialog box, complete the following steps:
a. From the Key database type list, select CMS, and enter a filename and location. When prompted, enter a password for the new keystore.
Note: Ensure you select Stash the password to a file.
b. If Signer Certificates were extracted from the .pfx file, do the following:
1) Select Key Database Content > Signer Certificates.
2) For each signer certificate, click Add and add the .cer file.
c. Select Key Database Content > Personal Certificates and click Import.
d. Select the key file type PKCS12, and the name and location of the .p12 file. When prompted, enter the password.
e. Save the keystore and exit the key management utility.
f. Copy the .kdb and .sth files to the KT5Keystore on the Response Time Monitoring appliance machine.
g. Place the IBM Key Management database files (.kdb) and stash (.sth) in a safe directory, and ensure that they are only readable by Administrator or root (or the user ID that was used to install the Response Time Monitoring agent).
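
A permission audit for step 5g, as an added example that is not part of the IBM documentation or of APM. It assumes the keystore directory is on a Linux or UNIX host; the function name audit_keystore_dir and its output labels are made up for this page. Besides the .kdb and .sth files, it flags leftover .pfx and .p12 exports from steps 2 and 3, which carry the same private key, and a .kdb with no stash file beside it.

```shell
#!/bin/sh
# Added example (hypothetical helper, not IBM code): audit a keystore directory
# on a Linux/UNIX host against step 5g.
# Usage: audit_keystore_dir DIR [OWNER]   (OWNER defaults to the current user)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_keystore_dir() {
    dir=$1
    owner=${2:-$(id -un)}
    rc=0
    # .kdb/.sth are the files from step 5f; .pfx/.p12 are the intermediate
    # exports from steps 2 and 3 and contain the same private key.
    for f in "$dir"/*.kdb "$dir"/*.sth "$dir"/*.pfx "$dir"/*.p12; do
        [ -f "$f" ] || continue            # unmatched glob or not a regular file
        listing=$(ls -ld "$f")
        perms=$(printf '%s\n' "$listing" | cut -c5-10)   # group + other bits
        file_owner=$(printf '%s\n' "$listing" | awk '{print $3}')
        if [ "$perms" != "------" ]; then
            echo "PERMS  $f: group/other bits '$perms' are set"
            rc=1
        fi
        if [ "$file_owner" != "$owner" ]; then
            echo "OWNER  $f: owned by $file_owner, expected $owner"
            rc=1
        fi
        case $f in
            *.pfx|*.p12)
                echo "EXPORT $f: intermediate export still holds the private key"
                rc=1 ;;
            *.kdb)
                # The note in step 5a requires a stash file next to the .kdb.
                if [ ! -f "${f%.kdb}.sth" ]; then
                    echo "STASH  $f: no matching .sth stash file"
                    rc=1
                fi ;;
        esac
    done
    return "$rc"
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_keystore_dir "$@"
fi
```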
