- Checkmarx Documentation
- IAST Documentation
- Setup Guide
- Installing and Configuring IAST
- Replacing an Expired TLS Certificate
Replacing an Expired TLS Certificate
If you run IAST in a secured (https) environment, you provide your own TLS (Transport Layer Security) certificate that secures the communication between the browser, the IAST agents, the IAST anager and Access Control. To replace an expired TLS certificate, do the following:
Stop the IAST Manager and Access Control services and stop all applications under testing (AUTs) that are running with an IAST agent.
Replace the old certificate with the new one. The certificate is a PFX file that contains both private and public keys. Keep the file name and its path. The path of the PFX file is defined under the
cx.iast.cert.pfx.path
value in the property file:<installation dir>/CxIAST/Manager/webapps/ROOT/META-INF/application.global.properties
Replace the CER file that contains the public key under
<installation dir>
/Tomcat/lib/server.cer
Maintain the file name
server.cer
.Replace the CER file that resides in the agent folders of the applications under testing (AUTs) as well. The CER files reside in the AUTs agent folders as follows:
java -
cxiast-java-agent/server.cer
- Maintain the file nameserver.cer
cSharp -
cxiast-cSharp-agent/CxHome/server.cer
- Maintain the file nameserver.cer
nodejs -
cxiast-nodejs-agent/package.ssl/ca.pem
- Maintain the file nameca.pem
Replace the CER files for the demo applications. These files reside in the following folders:
<installation dir>/CxIAST/Agent/certificate.cer
- Maintain the file namecertificate.cer
<installation dir>/CxIAST/Agent/server.cer
- Maintain the file nameserver.cer
Restart the services and the applications under testing.