As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Replace SAML Certificate

You will learn

How to replace the keystore file that is shipped with ThreadFix.

Prerequisites

Audience: IT Professional or End User
Difficulty: Intermediate
Time needed: Approximately 5 minutes
Tools required: Java Keytool executable

 

Replacing Keystore File

The following instructions require that the Java keytool executable is accessible from your console application; you might need to add its location to your PATH variable.
The certificate that will be generated is only for testing purposes and should not be used in production. (For production, you should obtain a certificate generated by a Certificate Authority.)

  1. Stop the Tomcat instance where ThreadFix is running.

  2. In your console application:

    • Navigate to a directory where you have write access.

    • Generate a new keystore file with the following command (replacing the values <<AliasName>> and <<KeystoreName.jks>>):

      • keytool -genkey -alias <<AliasName>> -keyalg RSA -keystore <<KeystoreName.jks>> -keysize 2048

    • Enter a keystore password; keep this safe.

    • The keytool will then ask a few questions to gather information needed to generate the certificate.

  3. In ThreadFix:

    • Move the file generated above to TOMCAT_HOME\webapps\threadfix\WEB-INF\classes\security\

    • Open TOMCAT_HOME\webapps\threadfix\WEB-INF\classes\custom.properties in a text editor with XML support

    • Replace the following lines with the values generated in the steps above; the value of threadfix.saml.key should be replaced with your alias and the value of threadfix.saml.value with the password:

      • threadfix.saml.key=denimgroup

      • threadfix.saml.value=4T-v}ryhs^kJ6./:2#Nt-s#D

    • Open TOMCAT_HOME\threadfix\WEB-INF\security.xml in a text editor with XML support

    • Change the file name in <constructor-arg value="classpath:security/samlKeystore.jks"/> so that it points to the keystore file generated in the steps above.

  4. Restart Tomcat
    The ThreadFix metadata for SAML should now be using the new certificate.
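
A consistency check for the settings changed in step 3, added here as an example and not part of ThreadFix or its documentation: it reports when custom.properties or security.xml still carry the shipped values shown above, or when the keystore named in security.xml is missing from the classes directory. The function names, the KS_PASS environment variable and the choice to pass both file locations as arguments are assumptions of this example.

```python
import os
import subprocess
import xml.etree.ElementTree as ET
from pathlib import Path

# Values this page shows as shipped with ThreadFix.
SHIPPED_ALIAS = "denimgroup"
SHIPPED_PASSWORD = "4T-v}ryhs^kJ6./:2#Nt-s#D"
SHIPPED_KEYSTORE = "classpath:security/samlKeystore.jks"

def read_properties(path):
    """Parse plain key=value lines (no Java escape handling)."""
    props = {}
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            props[key.strip()] = value.strip()
    return props

def keystore_resources(security_xml):
    """Return each constructor-arg value naming a classpath .jks file."""
    values = [el.get("value", "") for el in ET.parse(security_xml).iter()
              if el.tag.endswith("constructor-arg")]
    return [v for v in values if v.startswith("classpath:") and v.endswith(".jks")]

def check_saml_keystore(classes_dir, security_xml, keytool=None):
    """Return findings ([] = consistent); keytool=None skips opening the file."""
    props = read_properties(Path(classes_dir) / "custom.properties")
    alias = props.get("threadfix.saml.key")
    password = props.get("threadfix.saml.value")
    findings = []
    if alias in (None, SHIPPED_ALIAS):
        findings.append("threadfix.saml.key is missing or still the shipped alias")
    if password in (None, SHIPPED_PASSWORD):
        findings.append("threadfix.saml.value is missing or still the shipped password")
    for resource in keystore_resources(security_xml) or [SHIPPED_KEYSTORE]:
        jks = Path(classes_dir) / resource[len("classpath:"):]
        if resource == SHIPPED_KEYSTORE:
            findings.append("security.xml does not name a replacement keystore")
        elif not jks.is_file():
            findings.append(f"{resource} not found under {classes_dir}")
        elif keytool and alias and password:
            # KS_PASS (hypothetical name) keeps the password off the command line.
            cmd = [keytool, "-list", "-keystore", str(jks), "-alias", alias,
                   "-storepass:env", "KS_PASS"]
            env = {**os.environ, "KS_PASS": password}
            if subprocess.run(cmd, env=env, capture_output=True).returncode:
                findings.append(f"keytool cannot read alias {alias!r} in {jks.name}")
    return findings
```

Call `check_saml_keystore(classes_dir, security_xml, keytool=shutil.which("keytool"))` after `import shutil` to also confirm that the alias and password in custom.properties open the new keystore.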

Copyright © 2024 Coalfire. All rights reserved.
