📙 You will learn
How to replace the keystore file that is shipped with ThreadFix.
Prerequisites
Audience: IT Professional or End User
Difficulty: Intermediate
Time needed: Approximately 5 minutes
Tools required: Java Keytool executable
Replacing Keystore File
| Note |
|---|
The following instructions require that the location of the java keytool executable is accessible from your console application; you might need to add it to your path variables. |
Stop the Tomcat instance where ThreadFix is running.
In your console application:
Navigate to a directory where you have write access.
Generate a new keystore file with the following command (replacing the values
<<AliasName>>and<<Keystore.jks>>):keytool -genkey -alias <<AliasName>> -keyalg RSA -keystore <<KeystoreName.jks>> -keysize 2048
Enter a keystore password; keep this safe.
The keytool will then ask a few questions to gather information needed to generate the certificate.
In ThreadFix:
Move the file generated above to TOMCAT_HOME\webapps\threadfix\WEB-INF\classes\security\
Open TOMCAT_HOME\webapps\threadfix\WEB-INF\classes\custom.properties in a text editor with XML support
Replace the following lines with the values generated in the steps above; the value of
threadfix.saml.keyshould be replaced with your alias and the value ofthreadfix.saml.valuewith the password:threadfix.saml.key=denimgroupthreadfix.saml.value=4T-v}ryhs^kJ6./:2#Nt-s#D
Open TOMCAT_HOME\threadfix\WEB-INF\security.xml in a text editor with XML support
Replace the file name in
<constructor-arg value="classpath:security/samlKeystore.jks"/>to point to the keystore file generated in the steps above.
Restart Tomcat
The ThreadFix metadata for SAML should be now using the new certificate.
Table of Contents
| Table of Contents |
|---|