This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Removing selfsigned localhost certificates in VM 8.6

Vulnerability scan found issues with Serena's self signed Localhost certificates. Can these be removed, without breaking the application.
We are currently using IIS
  • 0  
    Hi Rex,

    Good question. These sample certificates exist for a quick proof-of-concept, but should not be used in production anyway as they are the security equivalent of a default password.

    Based on the configuration you described, you can either:
    [list=1]
    • Disable the 8443/8444 connectors in vm\common\tomcat\conf\server.xml, if no one is using those ports.
    • Re-use your IIS certificate in Tomcat (KB doc knowledgebase.serena.com/.../index