How to generate a new TLS key and update CIS Products with new TLS information


Product Name

CIS CSAT Pro (SecureSuite Controls Self Assessment Tool) or CIS CAT Pro Dashboard

Product Version

All

Date

Feb 21, 2023


Problem

The TLS certificate generated in the CSAT/CISCAT Install Wizard is expiring, or a user wants to add their own self-signed certificate.

CSAT Pro Solutions

Installer

  1. To change the TLS option, run the installer again, select the “Yes, update the existing installation” option, and also check “Update the configuration file…”, as shown in the screenshot below:

csat_pro_installer.PNG

  2. Click through the various setup screens until you get to the “Set Up TLS Configuration” page and select “Create Self-Signed Certificate for TLS”:

self_signed.PNG

Manually

The solution below is for manually generating a new TLS key:

  1. To generate a new TLS key, enter the following CLI command and follow the prompts:

     keytool -genkey -keyalg RSA -alias test -keystore test.jks -validity 365 -keysize 2048

  2. Go to your \CSAT_Pro\conf\csat-config file and edit this section. The key-alias value must match the -alias given to keytool, and the two passwords must match the ones entered at the keytool prompts:

     server:
       port: 443
       ssl:
         enabled: true
         key-store: C:\Program Files\CSAT_Pro\certificates\test.jks
         key-store-password: "password"
         key-alias: "test"
         key-password: "password"

  3. Save the csat-config file with the updated information.
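Before restarting the service, the keystore can be checked against the values written into csat-config. The PowerShell below is an added example, not part of the CIS procedure: it assumes keytool is on the PATH, reuses the key-store path and alias from the snippet above, and the KS_PASS variable name and 30-day threshold are constructed for illustration.

```powershell
# Added example: confirm the keystore opens with the configured password,
# contains the configured alias, and report when its certificate expires.
$KeyStore = 'C:\Program Files\CSAT_Pro\certificates\test.jks'  # key-store in csat-config
$Alias    = 'test'                                             # key-alias in csat-config
$WarnDays = 30                                                 # constructed threshold

# Prompt for key-store-password so it never appears on a command line,
# then hand it to keytool through an environment variable (-storepass:env).
$secure = Read-Host -Prompt 'Keystore password' -AsSecureString
$env:KS_PASS = [System.Net.NetworkCredential]::new('', $secure).Password

$der = Join-Path $env:TEMP "$Alias-cert.der"
try {
    # Export only the public certificate (DER); the private key stays in the keystore.
    $ktArgs = @('-exportcert', '-alias', $Alias, '-keystore', $KeyStore,
                '-storepass:env', 'KS_PASS', '-file', $der)
    & keytool @ktArgs
    if ($LASTEXITCODE -ne 0) {
        # Wrong path, wrong store password or wrong alias all end up here.
        throw "keytool could not read alias '$Alias' from '$KeyStore'"
    }

    $cert     = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
    $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

    [pscustomobject]@{
        Subject            = $cert.Subject
        NotBefore          = $cert.NotBefore
        NotAfter           = $cert.NotAfter
        DaysLeft           = $daysLeft
        SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
    }

    if ($daysLeft -le $WarnDays) {
        Write-Warning "Certificate '$Alias' expires in $daysLeft days; generate a new key."
    }
}
finally {
    # Do not leave the password or the exported file behind.
    Remove-Item Env:KS_PASS -ErrorAction SilentlyContinue
    Remove-Item $der -ErrorAction SilentlyContinue
}
```

This validates key-store, key-store-password and key-alias; key-password is not exercised because only the certificate is exported.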

CISCAT Pro Dashboard Solution

  1. To generate a new TLS key, enter the following CLI command and follow the prompts:

     keytool -genkey -keyalg RSA -alias test -keystore test.jks -validity 365 -keysize 2048

  2. Re-run the Dashboard installer and update it with your new certificate information.

Keywords: tls, generate key, certificate, self signed


Copyright © 2020

Center for Internet Security®