Configuring CxSAST for using a non-default Port

Owned by Former user (Deleted)
Last updated: Oct 04, 2021 by Eliezer Basner (Unlicensed)
4 min read

By default, CxSAST uses port 80 for communications. You can change the port, for example to port 8080.

To change the CxSAST communication port, you need to first change the web server listening port, and then perform additional configuration on CxSAST as illustrated in the sections below.

Changing the Web Server Listening Port

Change the web server listening port according to one of the following procedures, depending on which web server CxSAST is using:

 Change the port on IIS
    1. On the CxSAST Server or CxManager host, open the IIS Manager.
    2. In the left-hand navigation pane, select Sites > Default Web Site.
    3. On the right, under Actions > Edit Site, click Bindings:



    4. Select http and click Edit:



    5. Under Port, type the new number:



    6. Click OK.
 Change the port on UltiDev
  1. On the CxSAST Server or CxManager host, open the UltiDev Web App Explorer (for example, from the Windows/Start menu).
  2. On the left, select CxWebInterface, and in the Network Addresses tab, click Add and add the new port; select 80 and click Remove:

     

  3. Select CxWebClient, and in the Network Addresses tab, click Add and add the new port; select 80 and click Remove.
  4. Click Save config changes.
 Change the SOAP port using IIS
  1. On the CxSAST Server or CxManager host, open the IIS Manager.
  2. In the left-hand navigation pane, right-click on Sites and select Add Website.
  3. In the Add Website window, do the following:
    • In the Site name field, type CxWebinterface.
    • In the Physical path field, enter the path to the Web configuration file (for example, C:\Program Files\Checkmarx\Checkmarx Web Services\CxWebInterface).
    • Under Binding, in the Port field, enter the new port (for example, as shown in the figure below, 8888).
  4. Click OK.
  5. Remove the original CxWebinterface app from under the Default Web Site in the left-hand navigation pane, by right-clicking CxWebinterface and selecting Remove.

  6. In the left-hand navigation pane, select the new CxWebinterface web site and on the right, under Actions, click on Advance Settings.
  7. In the Advanced Settings window, select Application Pool and click on the options button to the right of the values column. The Select Application Pool dialog opens. Select CxPool from the Application pool drop-down list. Click OK and OK again.
  8. Open the following file for editing: <Checkmarx Installation Folder>\CheckmarxWebPortal\Web\web.config.
  9. Change the host name and port in the web.config file by doing the following:
    • Under the <appSettings> section add the following line: <add key="CxWSResolver.CxWSResolver" value="http://localhost:8888/CxWSResolver.asmx" />

    • Replace the <applicationSettings> section with the following lines:

    • Save the file.

    • Check that the URL works properly.

Additional CxSAST Configuration

Now that that the web server listening port is configured, perform the following CxSAST configuration:

  1. Open the following file for editing:
    C:\Program Files\Checkmarx\CheckmarxWebPortal\Web\web.config
  2. Find the key CxWSResolver.CxWSResolver, and change the line to:
    <add key="CxWSResolver.CxWSResolver" value="http://localhost:<port>/CxWebInterface/CxWSResolver.asmx" />
    where <port> is the new port number. For example:
    <add key="CxWebServices.CxWSResolver" value="http://localhost:8080/CxWebInterface/CxWSResolver.asmx" /> 
  3. Open the following file for editing:
    C:\Program Files\Checkmarx\Checkmarx Engine Server\CxSourceAnalyzerEngine.WinService.exe.config
  4. Open the following file for editing: "<Checkmarx Installation Folder>\Checkmarx Engine Server\CxSourceAnalyzerEngine.WinService.exe.config".
  5. Find the phrase "http://"  and change the line to: <add baseAddress="http://localhost:<port>/CxSourceAnalyzerEngineWCF/CxEngineWebServices.svc"/> where <port> is the new port number. For example: <add baseAddress="http://localhost:8080/CxSourceAnalyzerEngineWCF/CxEngineWebServices.svc"/>"

  6. Run the following command in elevated CMD with correct parameters:
    netsh http add urlacl url=http://+:80/CxSourceAnalyzerEngineWCF/CxEngineWebServices.svc user="NT AUTHORITY\NETWORK SERVICE"

    The number 80 in - ".....=http://+:80/Cx...."
    The domain\user in - "....vc user="NT AUTHORITY\NETWORK SERVICE" if the user running the Cx Engine service is not the default "Network Service"

  7. In order for CxARM, plugins and the CLI tool to work with the new port, you need to run the following DB query::
       UPDATE [CxDB].[dbo].[CxComponentConfiguration]
       SET Value = 'http(s)://your_cx_portal_hostname:port'
       WHERE [Key] = 'IdentityAuthority'
  8. In the Windows Service Manager, restart the following services:
    CxScanEngine
    CxScanManager
  9. In a distributed deployment:
    1. Log into the CxSAST web interface, using the new port number in the browser address bar. For example:
      http://localhost:8080/CxWebClient/login.aspx
    2. Go to Management > Server Settings > Installation Information, and under Engine Servers, edit the server address to include the new port number.
  10. If you use CxAudit:
    1. On the CxSAST server, open the following file for editing:
      C:\Program Files\Checkmarx\Checkmarx Audit\CxAudit.exe.config
    2. Find the SERVER_ADDRESS key, and edit its value to include the new port number. For example:
      <add key="SERVER_ADDRESS" value="http://localhost:8080" />
    3. If CxAudit was already run, repeat the previous step on the following file:
      C:\Users\USERNAME\AppData\Local\Checkmarx\CxAudit\CxAudit.exe.config