Adding SSL or Additional Functionalities to the IAST Management Server under Windows
To add additional functionalities such as SSL that have not been added with your original installation. you have to re-install the application over the existing IAST installation and select the relevant options.
Before installing the IAST Management server, check that you can connect to the SQL server using the ‘sa’ user. You may validate the connectivity to the SQL server by using SQL Server Management Studio (SSMS). Confirm that the SQL Server Services are running and restart the services, if you made any changes.
Note
These instructions are targeted towards re-installing the current version of IAST with added functionalities. For information about upgrading your version, refer to Upgrading the IAST Management Server.
It is recommended to verify that you can connect to the database over TCP. You can use the following to confirm that you are getting a list of some table names:
sqlcmd -S tcp:localhost\sqlexpress -U user -P pwd -Q "select name from sys.tables"
If you intend to connect to your database server using the IAST Windows Authentication Configuration (either Domain User or Network Service), make sure that the domain user with which you are starting the IAST Management Server installation has access permissions to the database server.
Navigate to the folder where you kept the installation files.
Right-click IAST Installer and select Run as Administrator to start the Checkmarx installer.
Follow the onscreen instructions to accept the license agreement.
Click <Next>. You are asked how to proceed with your existing installation.
To make changes in the configuration such as adding functionalities and enabling options like SSL, click <Edit Configuration>.
To re-install the demo application, select Demo Server.
Follow the onscreen instructions as explained under Installing the IAST Management Server under Windows.
To enable SSL, check Configure SSL once the SSL Configuration dialog appears and enter the SSL settings as specified below.
Note
If the SSL Certificate files required for the installation are located on the Desktop, there might be permission issues when the user attempts to load them. In such a case, it is recommended to move the SSL Certificate files to a location where the user has full access permissions before loading them. Such a location is for example the home user folder.
Field
Description
Configure SSL
Check to enable SSL configuration settings.
Enable TLS 1.0 and TLS 1.1
By default, only TLS 1.2 is enabled.
To enable TLS 1.0 and TLS 1.1 in addition, check Enable TLS 1.0 and TLS 1.1
Fully qualified domain name
The domain name associated with the certificate file.
SSL port
The SSL port to be used by the IAST server.
JKS file
The location of the JKS file.
JKS password
The password associated with the uploaded JKS file.
PFX file
The location of the PFX file.
PFX password
The password associated with the uploaded PFX file.
CER file
The location of the certificate.
Click <Install> to re-install IAST.
Once the Setup Completed window appears, click <Finish> to complete the installation.
Verify that the IAST services have been started. For further information and instructions, refer to the next section.
Navigate to the Windows Services at Start > Control Panel > System Security > Administrative Tools > Services.
Confirm that the following IAST services have started:
CxAccessControl – Authentication Server.
CxIAST Demo – Contains the preinstalled demo applications which are monitored by the CxAgent.
CxIAST Manager – Management Server.
Close the Services dialog.