Configuring CxSAST for SSL

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remains private and retains its integrity. To create an SSL connection, the web server requires an SSL certificate. To secure client communications to CxSAST, you can install a signed certificate in CxSAST and configure CxSAST to enforce SSL security (HTTPS).

To configure CxSAST for SSL:

Prepare a certificate for the CxSAST Server (or, in a distributed deployment, for CxManager), signed by a third-party certificate authority such as VeriSign, and install it on the CxSAST Server or CxManager.

On the Start menu, click All Programs, click Accessories, and then click Run. The Run window is displayed.

In the Open box, type inetmgr and then click OK. The IIS Manager window is displayed. 

Select Default Web Site from the Connections pane.

Select Bindings from the Actions pane. The Site Bindings window is displayed.

Click Add. The Add Site Bindings window is displayed.

Click Type and select https.

Click SSL Certificate and select your pre-installed certificate from the list.

Click OK and then Close.


If you want Cx users to be able to use only HTTPS/SSL, return to the IIS Manager window and perform the following for each relevant web service (CxWebClient, CxWebInterface):

Double-click Default Web Site from the Connections pane.

Select CxWebClient and double-click on SSL Settings.

Select Require SSL and click Apply from the Actions pane.

Perform the same SSL settings actions for CxRestAPI as well as CxWebInterface.

Go to C:\Program Files\Checkmarx\CheckmarxWebPortal\Web, open the web.config file for editing and, using the Search tool, search for "CxWSResolver.CxWSResolver".

Change the value "http://" to "https://" and replace the value "localhost" (if present) with your pre-installed certificate's <name/subject>.

Right-click on the Server (highest level in the hierarchical tree) and select Stop from the drop-down. Once stopped, right-click on the Server again and select Start.
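
The following PowerShell audit is an added example, not part of the Checkmarx documentation or product. It checks the result of the steps above on the CxSAST Server or CxManager host: the https binding and its certificate, Require SSL on each web service, and the CxWSResolver URL in web.config. It assumes the WebAdministration module is installed with IIS and that the resolver URL sits on the same line as the "CxWSResolver.CxWSResolver" string.

```powershell
# Added audit example (not Checkmarx code). Run from an elevated PowerShell prompt.
Import-Module WebAdministration

$site      = 'Default Web Site'
$apps      = 'CxWebClient', 'CxWebInterface', 'CxRestAPI'
$webConfig = 'C:\Program Files\Checkmarx\CheckmarxWebPortal\Web\web.config'
$problems  = @()

# 1. The site needs an https binding, and the bound certificate must not be expired.
if (-not (Get-WebBinding -Name $site -Protocol https)) {
    $problems += "No https binding on '$site'"
}
foreach ($b in Get-ChildItem IIS:\SslBindings) {
    $cert = Get-Item "Cert:\LocalMachine\$($b.Store)\$($b.Thumbprint)" -ErrorAction SilentlyContinue
    if (-not $cert) { $problems += "Port $($b.Port): bound certificate not found in store"; continue }
    # Print the subject so it can be compared with the host name used in web.config.
    Write-Host "Port $($b.Port): $($cert.Subject), expires $($cert.NotAfter)"
    if ($cert.NotAfter -lt (Get-Date)) { $problems += "Port $($b.Port): certificate has expired" }
}

# 2. "Require SSL" in IIS Manager corresponds to the Ssl flag in access/sslFlags.
foreach ($app in $apps) {
    $raw = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$site\$app" `
        -Filter 'system.webServer/security/access' -Name 'sslFlags'
    # Depending on the module version the result is a plain value or an object with .Value.
    $flags = if ($raw -and $raw.PSObject.Properties['Value']) { $raw.Value } else { $raw }
    if (("$flags" -split '\s*,\s*') -notcontains 'Ssl') {
        $problems += "Require SSL is not set on $app (sslFlags='$flags')"
    }
}

# 3. The resolver entry in web.config must use https:// and must not point at localhost.
$hits = Select-String -Path $webConfig -Pattern 'CxWSResolver\.CxWSResolver'
if (-not $hits) { $problems += "CxWSResolver.CxWSResolver not found in $webConfig" }
foreach ($h in $hits) {
    if ($h.Line -match 'http://')     { $problems += "web.config line $($h.LineNumber): still http://" }
    if ($h.Line -match '://localhost') { $problems += "web.config line $($h.LineNumber): still localhost" }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else           { Write-Host 'HTTPS configuration matches the documented steps.' }
```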


To define the WebServer Address in CxSAST:

Go to Management > Application Settings > General. The General Settings window is displayed.

Click Edit.

Enter your Server URL (e.g. https://checkmarx.corp.net) into the Web Server Address field.

Click Update to save the changes.