How to replace the keystore file that is shipped with ThreadFix
The following instructions require that the Java keytool executable is reachable from your console application; you might need to add its location to your PATH variable.
The certificate that will be generated is only for testing purposes and should not be used in production. (For prod, you should obtain a certificate generated by a Certificate Authority.)
Stop the Tomcat instance where ThreadFix is running.
In your console application:
- Navigate to a directory where you have write access.
- Generate a new keystore file with the following command (replacing the values <<AliasName>> and <<KeystoreName.jks>>):
  keytool -genkey -alias <<AliasName>> -keyalg RSA -keystore <<KeystoreName.jks>> -keysize 2048
- Enter a keystore password; keep this safe.
- The keytool will then ask a few questions to gather information needed to generate the certificate.
In ThreadFix:
- Move the file generated above to TOMCAT_HOME\webapps\threadfix\WEB-INF\classes\security\
- Open TOMCAT_HOME\webapps\threadfix\WEB-INF\classes\custom.properties in a text editor with XML support
- Replace the following lines with the values generated in the steps above; the value of threadfix.saml.key should be replaced with your alias and the value of threadfix.saml.value with the password:
  threadfix.saml.key=denimgroup
  threadfix.saml.value=4T-v}ryhs^kJ6./:2#Nt-s#D
- Open TOMCAT_HOME\threadfix\WEB-INF\security.xml in a text editor with XML support
- Replace the file name in <constructor-arg value="classpath:security/samlKeystore.jks"/> to point to the keystore file generated in the steps above.
- Restart Tomcat
The ThreadFix metadata for SAML should now be using the new certificate.
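A post-change check for the steps above, as an added example that is not part of the original page or of ThreadFix: it flags a custom.properties that still carries the shipped alias or password, and a security.xml that still references samlKeystore.jks or names a keystore file that is not on the classpath. The function names and the sample layout built by demo() are constructed for illustration, and the properties parser assumes plain key=value lines.

```python
import re
import tempfile
from pathlib import Path

# Shipped defaults, copied from the page above.
SHIPPED_ALIAS = "denimgroup"
SHIPPED_PASSWORD = "4T-v}ryhs^kJ6./:2#Nt-s#D"
SHIPPED_KEYSTORE = "classpath:security/samlKeystore.jks"

def read_properties(path):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_saml_keystore(classes_dir, security_xml):
    """Return a list of findings; an empty list means the swap looks complete."""
    findings = []
    props = read_properties(Path(classes_dir) / "custom.properties")
    if props.get("threadfix.saml.key") in (None, SHIPPED_ALIAS):
        findings.append("threadfix.saml.key is missing or still the shipped alias")
    if props.get("threadfix.saml.value") in (None, SHIPPED_PASSWORD):
        findings.append("threadfix.saml.value is missing or still the shipped password")
    xml = Path(security_xml).read_text(encoding="utf-8")
    refs = re.findall(r'<constructor-arg\s+value="(classpath:[^"]+\.jks)"', xml)
    if not refs:
        findings.append("no classpath:*.jks constructor-arg found in security.xml")
    for ref in refs:
        if ref == SHIPPED_KEYSTORE:
            findings.append("security.xml still points at the shipped samlKeystore.jks")
        elif not (Path(classes_dir) / ref[len("classpath:"):]).is_file():
            findings.append(f"{ref} does not exist under {classes_dir}")
    return findings

def demo(alias, password, jks_name):
    """Run the check on a constructed WEB-INF layout built in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        classes = Path(tmp) / "classes"
        (classes / "security").mkdir(parents=True)
        (classes / "security" / "new.jks").write_bytes(b"")  # stand-in keystore
        (classes / "custom.properties").write_text(
            f"threadfix.saml.key={alias}\nthreadfix.saml.value={password}\n")
        xml = Path(tmp) / "security.xml"
        xml.write_text(f'<constructor-arg value="classpath:security/{jks_name}"/>\n')
        return check_saml_keystore(classes, xml)
```

Against a real install, pass the WEB-INF\classes directory and the path of security.xml to check_saml_keystore; it does not open the keystore, so confirming that the alias exists inside it still needs keytool -list.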