Skip to main content

Replacing an Expired TLS Certificate

If you run IAST in a secured (https) environment, you provide your own TLS (Transport Layer Security) certificate that secures the communication between the browser, the IAST agents, the IAST anager and Access Control. To replace an expired TLS certificate, do the following:

1. Stop the IAST Manager and Access Control services and stop all applications under testing (AUTs) that are running with an IAST agent.

2. Replace the old certificate with the new one. The certificate is a PFX file that contains both private and public keys. Keep the file name and its path. The path of the PFX file is defined under the cx.iast.cert.pfx.path value in the

<installation dir>/CxIAST/Manager/webapps/ROOT/META-INF/ property file.

3. Replace the CER file that contains the public key under <installation dir>/Tomcat/lib/server.cer. Maintain the file name server.cer.

4. Replace the CER file that resides in the agent folders of the applications under testing (AUTs) as well. The CER files reside in the AUTs agent folders as follows:

  • java- cxiast-java-agent/server.cer - Maintain the file name server.cer

  • cSharp - cxiast-cSharp-agent/CxHome/server.cer - Maintain the file name server.cer

  • nodejs- cxiast-nodejs-agent/package.ssl/ca.pem - Maintain the file name ca.pem

5. Replace the CER files for the demo applications. These files reside in the following folders:

  • <installation dir>/CxIAST/Agent/certificate.cer - Maintain the file name certificate.cer

  • <installation dir>/CxIAST/Agent/server.cer - Maintain the file name server.cer

6. Restart the services and the applications under testing.