CxSAST supports secure communication between CxManager and CxEngine based on SSL certificates. These instructions cover CxEngine on both Windows and Linux.
...
To obtain the PFX certificate subject name, open PowerShell and run:
Get-PfxCertificate -FilePath <full path of the PFX file>
For example:
Get-PfxCertificate -FilePath "C:\Users\Administrator\Desktop\myCert.pfx"
Enter your certificate's password when prompted. The Certificate-Subject is displayed in the output.
Set the following environment variables, entering the certificate subject that you just obtained:
SETX CX_ENGINE_TLS_ENABLE true /m
SETX CX_ENGINE_CERTIFICATE_SUBJECT_NAME Certificate-Subject /m
For example:
SETX CX_ENGINE_CERTIFICATE_SUBJECT_NAME CN=cx_example.com /m
Restart the CxEngineService.
...
2. Update the following environment variables in the server.env file:
CX_ENGINE_TLS_ENABLE=true
CX_ENGINE_CERTIFICATE_SUBJECT_NAME=Certificate-Subject
CX_ENGINE_CERTIFICATE_PATH=certificate_full_path
CX_ENGINE_CERTIFICATE_PASSWORD=certificate_password
Example:
CX_ENGINE_TLS_ENABLE=true
CX_ENGINE_CERTIFICATE_SUBJECT_NAME=CN=www.myhost.com
CX_ENGINE_CERTIFICATE_PATH=/app/certificate/mycert.pfx
CX_ENGINE_CERTIFICATE_PASSWORD=12345
Info: CX_ENGINE_CERTIFICATE_PATH must refer to the location of your certificate inside the container.
...
```bash
#!/bin/bash
CX_SERVER_TAR=./cx-engine-server.tar
CX_SERVER_ENV=./server.env

docker_run_args=(
    ## Run container in background
    -d
    ## Restart policy
    --restart=always
    ## Automatically remove the container when it exits
    #--rm
    ## Environment variable file
    --env-file "$CX_SERVER_ENV"
    ## Publish a container's port to the host
    -p 0.0.0.0:8088:8088
    ## Volume for the checkmarx logs directory
    -v /var/checkmarx:/var/checkmarx
    ## Volume for the certificates directory (use when TLS is enabled)
    -v /var/certs:/app/certificate/
    ## Checkmarx engine server image
    cx-engine-server
    ## [Optional] Certificate parameters
    #--cert_filepath /certificates_file_path/cert.pfx
    #--cert_password password
    #--mng_cert_filepath manager_locally_signed_certificate.crt
)

echo "loading checkmarx engine server image"
docker load < "$CX_SERVER_TAR"
echo "deploying checkmarx engine server container"
docker run "${docker_run_args[@]}"
```
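A pre-flight check for server.env that can be run before the deployment script; this is an added example, not part of the Checkmarx documentation. It assumes the `/var/certs:/app/certificate/` volume mapping from the script above, and the function names and the `PFX_PASS` variable are hypothetical.

```bash
#!/bin/bash
# Added example: pre-flight check for server.env before running the deploy script.
# Assumes the volume mapping used by the page's script (/var/certs:/app/certificate/).

# Print the value of KEY from an env file. Only the leading "KEY=" is removed,
# so a value such as CN=www.myhost.com is returned intact.
env_get() {  # $1=env file  $2=key
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Translate a path inside the container to the host path behind a -v mapping.
host_path() {  # $1=container path  $2=host_dir:container_dir
  local host_dir="${2%%:*}" ctr_dir="${2#*:}"
  host_dir="${host_dir%/}"; ctr_dir="${ctr_dir%/}"
  case $1 in
    "$ctr_dir"/*) printf '%s\n' "$host_dir/${1#"$ctr_dir"/}" ;;
    *) return 1 ;;
  esac
}

# Static checks; prints one line per problem and returns non-zero if any is found.
check_env() {  # $1=env file  $2=volume mapping
  local f="$1" rc=0 cert host
  [ "$(env_get "$f" CX_ENGINE_TLS_ENABLE)" = true ] ||
    { echo "CX_ENGINE_TLS_ENABLE is not true"; rc=1; }
  [ -n "$(env_get "$f" CX_ENGINE_CERTIFICATE_SUBJECT_NAME)" ] ||
    { echo "CX_ENGINE_CERTIFICATE_SUBJECT_NAME is empty"; rc=1; }
  cert=$(env_get "$f" CX_ENGINE_CERTIFICATE_PATH)
  if host=$(host_path "$cert" "$2"); then
    [ -f "$host" ] || { echo "certificate missing on host: $host"; rc=1; }
  else
    echo "CX_ENGINE_CERTIFICATE_PATH is outside the mounted directory: $cert"; rc=1
  fi
  # server.env holds CX_ENGINE_CERTIFICATE_PASSWORD in clear text.
  [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
    { echo "$f is accessible by group/others; chmod 600 it"; rc=1; }
  return $rc
}

# Print the PFX subject for manual comparison with CX_ENGINE_CERTIFICATE_SUBJECT_NAME.
# Needs openssl; the password is read from the exported variable PFX_PASS.
pfx_subject() {  # $1=PFX path on the host
  openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:PFX_PASS |
    openssl x509 -noout -subject -nameopt RFC2253
}
```

Source the file, then run `check_env ./server.env /var/certs:/app/certificate/`; a non-zero return means at least one problem was printed.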
...