When the AppScan ® Enterprise Server is installed, it should be configured to use a valid SSL certificate. If this is not done, you will receive an untrusted connection message when logging in to the server from AppScan ® Source for Analysis or the AppScan ® Source command line interface (CLI) - or AppScan ® Source for Development on Windows ™ and Linux ™ .
Certificates that have been permanently accepted are stored in \config\cacertspersonal and \config\cacertspersonal.pem (where is the location of your AppScan ® Source program data, as described in Installation and user data file locations ) . Remove these two files if you no longer want the certificates permanently stored.
By default, certificates are automatically accepted when using AppScan ® Source for Automation . This behavior is determined by the ounceautod_accept_ssl setting in the Automation Server configuration file ( \config\ounceautod.ozsettings (where is the location of your AppScan ® Source program data, as described in Installation and user data file locations ) ). If this setting is edited so that value="true" is set to value="false" , SSL validation will be attempted and logging in or publishing to AppScan ® Enterprise Console will fail with error if an invalid certificate is encountered.
By default, when using the CLI login command, SSL validation will be attempted and logging in or publishing to AppScan ® Enterprise Console will fail with error if an invalid certificate is encountered (if you have not already permanently accepted the certificate while logging in via another AppScan ® Source client product). This behavior can be modified by using the option -acceptssl parameter when issuing the login command. When this parameter is used, SSL certificates are automatically accepted.