CxSAST supports secure communication between CxManager and CxEngine based on SSL certificates. These instructions take Windows and Linux support for CxEngine into consideration.

...

  1. To obtain the PFX certificate subject name, open PowerShell and run
    Get-PfxCertificate -FilePath <full path of the PFX file>, for example
    Get-PfxCertificate -FilePath "C:\Users\Administrator\Desktop\myCert.pfx".

  2. Enter your certificate’s password when prompted. The Certificate-Subject appears as illustrated below.

     

  3. Set the following environment variables, using the certificate subject that you just obtained:
    SETX CX_ENGINE_TLS_ENABLE true /m
    SETX CX_ENGINE_CERTIFICATE_SUBJECT_NAME Certificate-Subject /m
    for example:
    SETX CX_ENGINE_CERTIFICATE_SUBJECT_NAME CN=cx_example.com /m

  4. Restart the CxEngineService.

...

2. Update the following environment variables in the server.env file:

CX_ENGINE_TLS_ENABLE=true
CX_ENGINE_CERTIFICATE_SUBJECT_NAME=Certificate-Subject
CX_ENGINE_CERTIFICATE_PATH=certificate_full_path
CX_ENGINE_CERTIFICATE_PASSWORD=certificate_password

Example:
CX_ENGINE_TLS_ENABLE=true
CX_ENGINE_CERTIFICATE_SUBJECT_NAME=CN=www.myhost.com
CX_ENGINE_CERTIFICATE_PATH=/app/certificate/mycert.pfx
CX_ENGINE_CERTIFICATE_PASSWORD=12345

Info

The CX_ENGINE_CERTIFICATE_PATH must be the location of your certificate inside the container (for example, under the /app/certificate/ volume mount), not its path on the host.

...

Code Block
#!/bin/bash
CX_SERVER_TAR=./cx-engine-server.tar
CX_SERVER_ENV=./server.env

docker_run_args=(
    ## Run container in background
    -d
    ## Restart policy
    --restart=always
    ## Automatically remove the container when it exits
    #--rm
    ## Environment variable file (quoted so a path with spaces stays one argument)
    --env-file "$CX_SERVER_ENV"
    ## Publish a container's port to the host
    -p 0.0.0.0:8088:8088
    ## Volume checkmarx logs directory
    -v /var/checkmarx:/var/checkmarx
    ## Volume certificates directory (use when TLS enabled)
    -v /var/certs:/app/certificate/
    ## Checkmarx engine server image
    cx-engine-server
    ## [Optional] Certificate parameters
    #--cert_filepath /certificates_file_path/cert.pfx
    #--cert_password password
    #--mng_cert_filepath manager_locally_signed_certificate.crt
)

echo loading checkmarx engine server image
docker load < "$CX_SERVER_TAR"

echo deploying checkmarx engine server container
docker run "${docker_run_args[@]}"
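
A pre-flight check for the server.env settings above, as an added example (not Checkmarx's own tooling): it confirms that TLS is enabled, that server.env is owner-only because it stores the certificate password, that CX_ENGINE_CERTIFICATE_PATH sits under the container side of the -v /var/certs:/app/certificate/ mount and the PFX exists on the host, and that the PFX subject read with openssl matches CX_ENGINE_CERTIFICATE_SUBJECT_NAME. The function names, return codes and the RFC 2253 comparison format are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for server.env before "docker run".
# Assumes the mount from the run script: host /var/certs -> /app/certificate/.
CONTAINER_CERT_DIR=/app/certificate

# Last value assigned to KEY ($1) in a docker --env-file ($2); values are not unquoted.
env_get() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# check_engine_env ENV_FILE [HOST_CERT_DIR]   (names and codes are hypothetical)
# Returns 0 ok, 1 TLS off, 2 path outside mount, 3 PFX missing on host,
#         4 env file readable by group/other, 5 subject mismatch or PFX unreadable.
check_engine_env() (
    env_file=$1
    host_dir=${2:-/var/certs}

    [ "$(env_get CX_ENGINE_TLS_ENABLE "$env_file")" = true ] || return 1

    # The file holds CX_ENGINE_CERTIFICATE_PASSWORD in clear text: owner-only.
    [ "$(ls -ld "$env_file" | cut -c5-10)" = "------" ] || return 4

    cert_path=$(env_get CX_ENGINE_CERTIFICATE_PATH "$env_file")
    case $cert_path in
        "$CONTAINER_CERT_DIR"/*) host_pfx=$host_dir/${cert_path#"$CONTAINER_CERT_DIR"/} ;;
        *) return 2 ;;   # e.g. a host path such as /var/certs/mycert.pfx
    esac
    [ -f "$host_pfx" ] || return 3

    # Read the subject from the PFX; the password goes through the environment,
    # not argv, so it does not show up in the process list.
    want=$(env_get CX_ENGINE_CERTIFICATE_SUBJECT_NAME "$env_file")
    got=$(CX_PFX_PASS=$(env_get CX_ENGINE_CERTIFICATE_PASSWORD "$env_file") \
          openssl pkcs12 -in "$host_pfx" -nokeys -clcerts -passin env:CX_PFX_PASS 2>/dev/null |
          openssl x509 -noout -subject -nameopt RFC2253 2>/dev/null |
          sed 's/^subject= *//')
    [ -n "$got" ] && [ "$got" = "$want" ] || return 5
)
```

Run it as check_engine_env ./server.env before the deployment script and stop on any non-zero code.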

...