How to generate a new TLS key and update CIS Products with new TLS information
Product Name
CIS CSAT Pro (SecureSuite Controls Self Assessment Tool) or CIS CAT Pro Dashboard
Product Version
All
Date
Feb 21, 2023
Problem
The TLS certificate generated in the CSAT/CISCAT Install Wizard is expiring or a user wants to add their own self-signed certificate
CSAT Pro Solutions
Installer
To change the TLS option, run the installer again and select the “Yes, update the existing installation option” and also check “Update the configuration file…”, as shown below in the screenshot:
Click through the various setup screens until you get to the “Set Up TLS Configuration” page and select “Create Self-Signed Certificate for TLS”:
Manually
The solution below is for manually generating a new TLS key:
To generate a new TLS key enter the following CLI command and follow the prompts:
keytool -genkey -keyalg RSA -alias test -keystore test.jks -validity 365 -keysize 2048
2. Go to your \CSAT_Pro\conf\csat-config
file and edit this section:
server:
port: 443
ssl:
enabled: true
key-store: C:\Program Files\CSAT_Pro\certificates\test.jks
key-store-password: "password"
key-alias: "test"
key-password: "password"
3. Save the csat-config
file with the updated information.
CISCAT Pro Dashboard Solution
To generate a new TLS key enter the following CLI command and follow the prompts:
keytool -genkey -keyalg RSA -alias test -keystore test.jks -validity 365 -keysize 2048
2. Re-run the Dashboard installer and update it with your new certificate information:
Keywords; tls, generate key, certificate, self signed
Content by Label