As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
Replace SAML Certificate
You will learn
How to replace the keystore file that is shipped with ThreadFix.
Prerequisites
Audience: IT Professional or End User
Difficulty: Intermediate
Time needed: Approximately 5 minutes
Tools required: Java Keytool executable
Replacing Keystore File
The following instructions require that the location of the java keytool executable is accessible from your console application; you might need to add it to your path variables.
The certificate that will be generated is only for testing purposes and should not be used in production. (For prod, you should obtain a certificate generated by a Certificate Authority.)
Stop the Tomcat instance where ThreadFix is running.
In your console application:
Navigate to a directory where you have write access.
Generate a new keystore file with the following command (replacing the values
<<AliasName>>
and<<Keystore.jks>>
):keytool -genkey -alias <<AliasName>> -keyalg RSA -keystore <<KeystoreName.jks>> -keysize 2048
Enter a keystore password; keep this safe.
The keytool will then ask a few questions to gather information needed to generate the certificate.
In ThreadFix:
Move the file generated above to TOMCAT_HOME\webapps\threadfix\WEB-INF\classes\security\
Open TOMCAT_HOME\webapps\threadfix\WEB-INF\classes\custom.properties in a text editor with XML support
Replace the following lines with the values generated in the steps above; the value of
threadfix.saml.key
should be replaced with your alias and the value ofthreadfix.saml.value
with the password:threadfix.saml.key=denimgroup
threadfix.saml.value=4T-v}ryhs^kJ6./:2#Nt-s#D
Open TOMCAT_HOME\threadfix\WEB-INF\security.xml in a text editor with XML support
Replace the file name in
<constructor-arg value="classpath:security/samlKeystore.jks"/>
to point to the keystore file generated in the steps above.
Restart Tomcat
The ThreadFix metadata for SAML should be now using the new certificate.
Table of Contents
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.