1. 6/14/16
Installing and Maintaining Certificates with IBM® Security AppScan™ Enterprise and IBM® Security AppScan™ Source
Author notes: <please delete these instructions before presenting>
This is the IBM Security Default Template for both internal and external use. It’s aspect ratio is 16:10 and measures 10 x 6.25”. This template was created in Microsoft PowerPoint 365 Pro Plus 2016.
Template files (saved with the file extension .potx) contain slide designs and customized layouts and are stored in your Microsoft templates folder*
To save your new template as your default template for future use:
Click “File / Save as” and choose “PowerPoint template (.potx) from the pull down menu”
Rename file to, “Blank.potx” and click “Save” (file will then be stored to the default template location)
Themes provide a complete slide design that can be applied to your existing presentation, including background designs, font styles, colors, and layouts
To save your new template’s theme file; click “View / Slide Master / Themes”
On the Themes pull down menu, select, “Save Current Theme”
This new Theme file is how you apply the new template design to your existing presentations
For more information, visit: Office.com / PowerPoint / Support
Copy your existing source slides in slide sorter view
Paste special by right-clicking in slide sorter view of destination file or template
Select “Keep source formatting”
This helps to ensure your slides retain their existing styles
Each slide needs to be adjusted by doing the following in “Normal view”
Select body content except title and footer by (Control “A”; then select title and footers while holding shift key)
Cut remaining selected body content (Control “X”)
Reset slide layout using new template layouts
Paste slide content back onto slide (Control “V”)
Learn more about using templates, visit: Office.com / PowerPoint / Support
Reminder: You must dial-in to the phone conference to listen to the panelists.
The web cast does not include audio.
USA toll-free: USA toll:
Participant passcode:
Slides and additional dial in numbers:
NOTICE: By participating in this call, you give your Irrevocable consent to IBM to record any statements that you may make during the call, as well as to IBM’s use of such Recording in any and all media, including for video postings on YouTube. If you object, please do not connect to this call.
August 17, 2016 1 1

2. Karl Weinert – AppScan Source Support Engineer
8/15/16
Presenter:
Karl Weinert – AppScan Source Support Engineer
Panelist: Sherald Howe - AppScan Source Escalation Engineer Scott Hurd - AppScan Support Engineer Joe Lacy - AppScan Support Engineer Marek Stepien – AppScan Knowledge Leader
Moderator:
Joe Kiggen – AppScan and SKLA Support Manager 2 2 2

3. 8/15/16
Goal of session
Understanding how to install and maintain certificates in the AppScan Enterprise and AppScan Source products. 3 3

4. Certificates introduction AppScan Enterprise
8/15/16
Agenda
Certificates introduction
AppScan Enterprise
Installing Certificates using IIS
Export KeyStore from IIS
Add KeyStore to Liberty
Convert KeyStore to a Java KeyStore
Creating a Certificate request
AppScan Source
Import Certificates to AppScan Source KeyStore 4 4

5. 5

6. Certificate Store KeyStore
Certificate Format 6

7. Certificate Authority
Well Known
Certificate Authority
Self Signed
Certificate
Default
Company Managed
Certificate Authority 7

8. Windows
Firefox 8

9. Certificates in AppScan Enterprise9

10. 10

11. 11 11

12. Installing Certificates using Internet Information Server (IIS)12

13. 13

14. 14

15. 15

16. 16

17. 17

18. 18

19. Send the request to your Certificate Authority for signing19

20. 20

21. 21

22. 22

23. 23

24. Bind the Certificate to the Web Server24

25. 25

26. 26

27. 27

28. 28

29. Export the KeyStore for use with the WebSphere Liberty Server29

30. 30

31. 31

32. 32

33. WebSphere Liberty server
Add the KeyStore to the
WebSphere Liberty server 33

34. C:\Program Files (x86)\IBM\AppScan Enterprise\WFCfgWiz.exe34

35. Convert the KeyStore to a Java KeyStore with Ikeyman
Ikeyman.exe is IBM’s Java certificate tool. 35

36. C:\Program Files (X86)\IBM\AppScan Enterprise\Java\jre\bin\ikeyman.exe36

37. 37

38. 38

39. 39

40. 40

41. 41

42. 42

43. 43

44. 44

45. 45

46. WFCfgWiz.exe 46

47. C:\Program Files (x86 )\IBM\AppScan Enterprise\WebApp\ AppScan-For-Liberty.pfx AppScan-For-Liberty.jks 47

48. Creating a Certificate request with Ikeyman48

49. Create a jks KeyStore 49

50. 50

51. 51

52. 52

53. 53

54. Create the Certificate Request54

55. 55

56. 56

57. 57

58. 58

59. certreq.arm 59

60. Send the request to your Certificate Authority for signing60

61. Import the Certificate61

62. 62

63. 63

64. 64

65. 65

66. WFCfgWiz.exe 66

67. Additional Notes 67

68. Signed Certificate 68

69. Obtain the root and any intermediate certificates from your CA and import them into Windows and Firefox 69

70. Windows 70

71. Firefox 71

72. Certificates in AppScan Source72

73. 73

74. 74

75. ASE Server
AppScan Source Client
cacerts
C:\Program Files (x86)\IBM\AppScanSource\jre\lib\security\cacerts 75 75

76. C:\ProgramData\IBM\AppScanSource\config\cacertspersonal
ASE Server
AppScan Source Client
cacerts
cacertspersonal
C:\ProgramData\IBM\AppScanSource\config\cacertspersonal 76 76

77. 77

78. 78

79. 79

80. Save and Import Certificates from Windows KeyStore to the AppScan Source KeyStore80

81. 81

82. 82

83. 83

84. 84

85. 85

86. Repeat for any intermediate certificates86

87. Create the cacerts personal certificate store with 'certificatetool
Create the cacerts personal certificate store with 'certificatetool.bat'
This tool is located in: C:\Program Files (x86)\AppScanSource\bin\ 87

88. Certificate_Location is the full path to the savedcrt\cer file.
…bin>certificatetool.bat -h
Description: This is a tool to add SSL Certificates to AppScan Source Keystore.
Usage: CertificateTool <Certificate_Location> <Keystore_Location>
<Certificate_Location>: where SSL Certificate (.crt) or (.cer) is located
<Config_Location>: <install_dir>\config\
-h/-help: Help
Usage: CertificateTool <Certificate Location> <AppScan Config Directory>
Certificate_Location is the full path to the savedcrt\cer file.
AppScan Config Directory is where cacertspersonal KeyStore is located.
By default that is C:\ProgramData\IBM\AppScanSource\config . 88

89. Intermediate Certificate
Root Certificate
...\bin>certificatetool.bat c:\AppScanRoot.cer C:\ProgramData\IBM\AppScanSource\config
Starting AppScan Source Certificate Tool...
SUCCESS: The Certificate AppScanRoot.cer has been added!
Intermediate Certificate
…bin>certificatetool.bat c:\AppScanIntermediate.cer C:\ProgramData\IBM\AppScanSource\config
Starting AppScan Source Certificate Tool...
SUCCESS: The Certificate AppScanRoot.cer has been added! 89

90. Additional Notes 90

91. Updated Java Policy Files91

92. AppScan Enterprise Server:
US_export_policy.jar
local_policy.jar
AppScan Enterprise Server:
C:\Program Files (X86)\ AppScan Enterprise\Liberty\jre\lib\security
AppScan Source:
C:\Program Files (X86)\AppScanSource\jre\lib\security 92

93. Questions for the panel
8/16/16
Questions for the panel
Now is your opportunity to ask questions of our panelists.
To ask a question now: Press *1 to ask a question over the phone or
Type your question into the IBM Connections Cloud Meeting chat
To ask a question after this presentation: You are encouraged to participate in our Forum on this topic - 93 93 93

94. Get started with IBM Security Support
Header content 1 | header content 2
6/14/16
Where do you get more information?
Questions on this or other topics can be directed to the product forum: AppScan Standard forum.
More articles you can review:
AppScan Enterprise Information Center: Updating the Java SDK policy files
IBM Http Server Documentation: Using the Key Management Utility
Useful links:
Get started with IBM Security Support
IBM Support Portal | Sign up for “My Notifications”
Follow us: 94 94

95. Mandatory closing slide with copyright and legal disclaimers.
8/15/16
Mandatory closing slide with copyright and legal disclaimers. 95 95 95