6/14/16 Installing and Maintaining Certificates with IBM® Security AppScan™ Enterprise and IBM® Security AppScan™ Source Author notes: <please delete these instructions before presenting> This is the IBM Security Default Template for both internal and external use. It’s aspect ratio is 16:10 and measures 10 x 6.25”. This template was created in Microsoft PowerPoint 365 Pro Plus 2016. Template files (saved with the file extension .potx) contain slide designs and customized layouts and are stored in your Microsoft templates folder* To save your new template as your default template for future use: Click “File / Save as” and choose “PowerPoint template (.potx) from the pull down menu” Rename file to, “Blank.potx” and click “Save” (file will then be stored to the default template location) Themes provide a complete slide design that can be applied to your existing presentation, including background designs, font styles, colors, and layouts To save your new template’s theme file; click “View / Slide Master / Themes” On the Themes pull down menu, select, “Save Current Theme” This new Theme file is how you apply the new template design to your existing presentations For more information, visit: Office.com / PowerPoint / Support Copy your existing source slides in slide sorter view Paste special by right-clicking in slide sorter view of destination file or template Select “Keep source formatting” This helps to ensure your slides retain their existing styles Each slide needs to be adjusted by doing the following in “Normal view” Select body content except title and footer by (Control “A”; then select title and footers while holding shift key) Cut remaining selected body content (Control “X”) Reset slide layout using new template layouts Paste slide content back onto slide (Control “V”) Learn more about using templates, visit: Office.com / PowerPoint / Support Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio. USA toll-free: 866-803-2145 USA toll: 1-210-795-1099 Participant passcode: 4664549 Slides and additional dial in numbers: http://www.ibm.com/support/docview.wss?uid=swg27048560 NOTICE: By participating in this call, you give your Irrevocable consent to IBM to record any statements that you may make during the call, as well as to IBM’s use of such Recording in any and all media, including for video postings on YouTube. If you object, please do not connect to this call. August 17, 2016 1 1

Karl Weinert – AppScan Source Support Engineer 8/15/16 Presenter: Karl Weinert – AppScan Source Support Engineer Panelist: Sherald Howe - AppScan Source Escalation Engineer Scott Hurd - AppScan Support Engineer Joe Lacy - AppScan Support Engineer Marek Stepien – AppScan Knowledge Leader Moderator: Joe Kiggen – AppScan and SKLA Support Manager 2 2 2

8/15/16 Goal of session Understanding how to install and maintain certificates in the AppScan Enterprise and AppScan Source products. 3 3

Certificates introduction AppScan Enterprise 8/15/16 Agenda Certificates introduction AppScan Enterprise Installing Certificates using IIS Export KeyStore from IIS Add KeyStore to Liberty Convert KeyStore to a Java KeyStore Creating a Certificate request AppScan Source Import Certificates to AppScan Source KeyStore 4 4

5

Certificate Store KeyStore Certificate Format 6

Certificate Authority Well Known Certificate Authority Self Signed Certificate Default Company Managed Certificate Authority 7

Windows Firefox 8

Certificates in AppScan Enterprise 9

10

11 11

Installing Certificates using Internet Information Server (IIS) 12

13

14

15

16

17

18

Send the request to your Certificate Authority for signing 19

20

21

22

23

Bind the Certificate to the Web Server 24

25

26

27

28

Export the KeyStore for use with the WebSphere Liberty Server 29

30

31

32

WebSphere Liberty server Add the KeyStore to the WebSphere Liberty server 33

C:\Program Files (x86)\IBM\AppScan Enterprise\WFCfgWiz.exe 34

Convert the KeyStore to a Java KeyStore with Ikeyman Ikeyman.exe is IBM’s Java certificate tool. 35

C:\Program Files (X86)\IBM\AppScan Enterprise\Java\jre\bin\ikeyman.exe 36

37

38

39

40

41

42

43

44

45

WFCfgWiz.exe 46

C:\Program Files (x86 )\IBM\AppScan Enterprise\WebApp\ AppScan-For-Liberty.pfx AppScan-For-Liberty.jks 47

Creating a Certificate request with Ikeyman 48

Create a jks KeyStore 49

50

51

52

53

Create the Certificate Request 54

55

56

57

58

certreq.arm 59

Send the request to your Certificate Authority for signing 60

Import the Certificate 61

62

63

64

65

WFCfgWiz.exe 66

Additional Notes 67

Signed Certificate 68

Obtain the root and any intermediate certificates from your CA and import them into Windows and Firefox 69

Windows 70

Firefox 71

Certificates in AppScan Source 72

73

74

ASE Server AppScan Source Client cacerts C:\Program Files (x86)\IBM\AppScanSource\jre\lib\security\cacerts 75 75

C:\ProgramData\IBM\AppScanSource\config\cacertspersonal ASE Server AppScan Source Client cacerts cacertspersonal C:\ProgramData\IBM\AppScanSource\config\cacertspersonal 76 76

77

78

79

Save and Import Certificates from Windows KeyStore to the AppScan Source KeyStore 80

81

82

83

84

85

Repeat for any intermediate certificates 86

Create the cacerts personal certificate store with 'certificatetool Create the cacerts personal certificate store with 'certificatetool.bat' This tool is located in: C:\Program Files (x86)\AppScanSource\bin\ 87

Certificate_Location is the full path to the savedcrt\cer file. …bin>certificatetool.bat -h Description: This is a tool to add SSL Certificates to AppScan Source Keystore. Usage: CertificateTool <Certificate_Location> <Keystore_Location> <Certificate_Location>: where SSL Certificate (.crt) or (.cer) is located <Config_Location>: <install_dir>\config\ -h/-help: Help Usage: CertificateTool <Certificate Location> <AppScan Config Directory> Certificate_Location is the full path to the savedcrt\cer file. AppScan Config Directory is where cacertspersonal KeyStore is located. By default that is C:\ProgramData\IBM\AppScanSource\config . 88

Intermediate Certificate Root Certificate ...\bin>certificatetool.bat c:\AppScanRoot.cer C:\ProgramData\IBM\AppScanSource\config Starting AppScan Source Certificate Tool... SUCCESS: The Certificate AppScanRoot.cer has been added! Intermediate Certificate …bin>certificatetool.bat c:\AppScanIntermediate.cer C:\ProgramData\IBM\AppScanSource\config Starting AppScan Source Certificate Tool... SUCCESS: The Certificate AppScanRoot.cer has been added! 89

Additional Notes 90

Updated Java Policy Files 91

AppScan Enterprise Server: US_export_policy.jar local_policy.jar AppScan Enterprise Server: C:\Program Files (X86)\ AppScan Enterprise\Liberty\jre\lib\security AppScan Source: C:\Program Files (X86)\AppScanSource\jre\lib\security 92

Questions for the panel 8/16/16 Questions for the panel Now is your opportunity to ask questions of our panelists. To ask a question now: Press *1 to ask a question over the phone or Type your question into the IBM Connections Cloud Meeting chat To ask a question after this presentation: You are encouraged to participate in our Forum on this topic - http://www.ibm.com/support/docview.wss?uid=swg27048560 93 93 93

Get started with IBM Security Support Header content 1 | header content 2 6/14/16 Where do you get more information? Questions on this or other topics can be directed to the product forum: AppScan Standard forum. More articles you can review: AppScan Enterprise Information Center: Updating the Java SDK policy files IBM Http Server Documentation: Using the Key Management Utility Useful links: Get started with IBM Security Support IBM Support Portal | Sign up for “My Notifications” Follow us: 94 94

Mandatory closing slide with copyright and legal disclaimers. 8/15/16 Mandatory closing slide with copyright and legal disclaimers. 95 95 95