This article is about setting up an HTTPS connection for the software.
You can set up the software to encrypt the data transfer (data transfer with SSL). Alternatively, a private network (VPN) can be set up to shield the software's communication.
- You need a key certificate or a key pair (private and public key)
  - You can create this yourself (see self-signed certificate below)
  - Or buy one from an official authority (Note: You may already have one within your company)
- After that, you can configure the software to use SSL
If you use a self-signed certificate, the browser will provide a notification that the connection is not trusted. The communication is still encrypted.
Configuring the software to use SSL
- Open the zap Audit installation directory
- Open the server.xml file in the folder "/conf" with an editor
- Adjust the corresponding values for keystoreFile, keystorePass and keyAlias starting at line 91 (see box below).
- Port 8443 can be changed if necessary (but not the redirection from 9001, which is the zap Audit default port)
- Start the server and after booting check if https://localhost:8443/zapliance/login.jsf is reachable (change localhost to the address of your server if necessary).
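The following check for the edited conf/server.xml is an added example, not part of the original article or of zap Audit. It reports HTTPS connectors that are missing keystoreFile, keystorePass or keyAlias, or that still carry a placeholder password. The sample XML is constructed, and the connector layout, the function name and the install_dir parameter are assumptions.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample, not zap Audit's shipped server.xml: a Tomcat HTTPS
# connector carrying the three attributes named in the steps above.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="9001" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/keystore.jks" keystorePass="myPassword"
               keyAlias="tomcat"/>
  </Service>
</Server>"""

# Values that must not reach production: the password from the keytool
# example on this page and Tomcat's documented default ("changeit").
PLACEHOLDER_PASSWORDS = {"myPassword", "changeit"}
REQUIRED = ("keystoreFile", "keystorePass", "keyAlias")

def check_https_connector(xml_text, install_dir=None):
    """Return findings for every Connector that has SSLEnabled="true".

    install_dir (hypothetical parameter): when given, relative keystoreFile
    paths are resolved against it and checked for existence.
    """
    root = ET.fromstring(xml_text)
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ['no Connector with SSLEnabled="true" found']
    findings = []
    for conn in tls:
        port = conn.get("port", "?")
        for attr in REQUIRED:
            if not conn.get(attr):
                findings.append(f"port {port}: {attr} is not set")
        if conn.get("keystorePass") in PLACEHOLDER_PASSWORDS:
            findings.append(f"port {port}: keystorePass is a placeholder")
        path = conn.get("keystoreFile")
        if install_dir and path:
            full = path if os.path.isabs(path) else os.path.join(install_dir, path)
            if not os.path.isfile(full):
                findings.append(f"port {port}: keystore not found at {full}")
    return findings

if __name__ == "__main__":
    for finding in check_https_connector(SAMPLE_SERVER_XML):
        print(finding)
```

An empty result means all three attributes are set and the password is not one of the known placeholder values; it does not verify that the password opens the keystore.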
The integration of other certificate files is documented at the following link:
Creating a Self-Signed Certificate (keystore.jks)
- You will need a Java JDK and administrator privileges
- Check a detailed tutorial at:
- Use the following console command (cmd.exe) to create the certificate file. Adjust the names for the file (keystore.jks) and the two passwords:
"C:\Program Files\Java\jdk1.8.0_121\bin\keytool.exe" -genkey -keyalg RSA -noprompt -alias tomcat -dname "CN=localhost, OU=NA, O=NA, L=NA, S=NA, C=NA" -keystore keystore.jks -validity 9999 -storepass myPassword -keypass myPassword
- The keytool.exe file is located in the bin folder of the JDK installation directory. The path must be enclosed in quotes because it contains a space.