CxSAST supports secure communication between CxManager and CxEngine based on SSL certificates. These instructions take Windows and Linux support for CxEngine into consideration.
...
Create a certificate (Certificate Authority-CA or self-signed).
Place the certificate in the store under Local Machine\Personal\Certificates
and copyit to Local Machine\Trusted Root Certification Authority\Certificates.Make the private key available to the service. To do so, go to Local Machine\Personal\Certificates and then to Manage Private Keys on the certificate.
Add “Network Service” to the list of authorized users. Read permissions are sufficient.
Copythe certificate to Local Machine\Trusted Root Certification Authority\Certificates.
Set these environment variables on the host (machine) level as explained below.
...
To obtain the pfx certificate subject name, open the PowerShell and run
Get-PfxCertificate –FilePath <full path of the PFX file>, for example
Get-PfxCertificate -FilePath "C:\Users\Administrator\Desktop\myCert.pfx".Enter your certificate’s password when prompted. The Certificate-Subject appears as illustrated below.
Set the following environment variables as follows which includes entering the certificate subject that you just obtained:
SETX CX_ENGINE_TLS_ENABLE true /m
SETX CX_ENGINE_CERTIFICATE_SUBJECT_NAME Certificate-Subject /m, for example
SETX CX_ENGINE_CERTIFICATE_SUBJECT_NAME CN=cx_example.com /mRestart the CxEngineService.
...
2. Update the following environment variables in the server.env file:
CX_ENGINE_TLS_ENABLE=true
CX_ENGINE_CERTIFICATE_SUBJECT_NAME=Certificate-Subject
CX_ENGINE_CERTIFICATE_PATH=certificat_full_path
CX_ENGINE_CERTIFICATE_PASSWORD=certificat_password
Example:
CX_ENGINE_TLS_ENABLE=true
CX_ENGINE_CERTIFICATE_SUBJECT_NAME=CN=www.myhost.com
CX_ENGINE_CERTIFICATE_PATH=/app/certificate/mycert.pfx
CX_ENGINE_CERTIFICATE_PASSWORD=12345
Info |
---|
The CX_ENGINE_CERTIFICATE_PATH must be relative to the location of your certificate inside the container |
...