This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Fortify SSL Configuration for SSC, LIM, etc

Hi guys,

I want to know how exactly configure Fortify SSC with SSL in order to change the Application URL. I tried to found any information about it but I couldn't found anything useful, so I ask here.

Currently I have the following urls:

LIM:

SSC:

Parents Reply Children
  • I'm not totally sure how Fortify goes about everything. There are lots of ways to deploy this stuff, but they're all based on a standard and you can go back and forth if you understand if you the environment you are working in.  In a class I wrote last year (NetIQ Access Manager) I tried to explain this from a fundamental point-of-view.  I don't know if the lab manual is available, I just write 'em but you may ask the Education folks.  It may help some.

  •   . Lets start from the beginning, as I'm sure that there are other people like you with the same question. I'm writing this with the assumption that a reader has no prior knowledge of Tomcat, but they've at least been sucessful with getting Tomcat to turn on.

    There are a few key components here that we need to give special attention to if you want to enable SSL/TLS with Tomcat.

    - jks : A jks (java key store) is a single binary file that's used to hole onto public certs/keys and private certs/keys. Regardless if you're using a self-signed certificate or a certificate signed by a trusted root CA, you will need to generate one of these. When you generate a new jks, you automatically generate a private key which is automatically embedded in the jks file. After you create the jks, you will then need to generate a CSR that your internal CA will need to sign. If you're wanting to use a self-signed certificate, then you'll need to create your own private CA using something like OpenSSL, then using that to sign your CSR. After signing your CSR, import the signed CSR back into your jks.

    - cacerts : This is a special jks file that's provided by the JRE/JDK that you installed. If you are using an internal CA, then you will need to import the public certificates of your internal root CA and any other important, internal, intermediate CAs into the cacerts file. This file is password protected with a default password. This default password is "changeme". If youre using a self-signed certificate, then you will still probably want to import your public certificate into this file. For any other fortify tool that needs to communicate with the Fortify SSC server, you will need to import the SSC server's public certificate and your internal CA certs into the cacerts file for all the other Fortify SCA installations.

    - server.xml :  This is a config file provided by Tomcat. We are interested in this config file because this is what we will modify to enable SSL and establish which port to listen on for Tomcat.

    In order for us to help you, can you first start things off by posting the contents of your server.xml?