Skip to main content

Changing Protocols, the Hostname and Ports for Checkmarx Components

Background

A number of additional components have been introduced (Access Control, CxSAST, Management & Orchestration, and ActiveMQ) to the latest versions of CxSAST. The endpoints for these components are saved in the database (CxDB) as {Protocol}://{FQDN}:{Port}. Fully Qualified Domain Name (FQDN) is the complete domain name for the host and consists of the hostname and the domain name (e.g., http://mqserver.company.com:5555).

Notice

For clean installations (v9.0.0 and up), component endpoints are saved as HTTP by default. Upgrades (to v9.0.0) keep previous component endpoint values.

Use Cases

This instruction defines the procedure for changing component endpoint configurations in the database, in cases where the current configurations need to be changed, The following use cases will determine if and how these component endpoints should to be changed.

  • Use-Case 1: If the machine is only reachable by the IP and not by the FQDN, for instance, if a DNS Server is not used, you will need to change the table key value definitions in the database.

  • Use-Case 2: If you change the CxSAST, Management & Orchestration or ActiveMQ ports after installation, you will need to change the table key value definitions in the database.

  • Use-Case 3: If you manually configured the environment as Secure Sockets Layer (SSL), you may need to change the table key value definitions in the database.

  • Use-Case 4: If you rename the machine, you will need to change the table key value definitions in the database.

  • Use-Case 5: If you configured the system to connect users via a corporate proxy server, you will need to change the table key value definitions in the database.

  • Use-Case 6: If you add a load balancer, for instance, in HA deployments where the load balancer endpoint is used instead of the machine name, you will need to change the table key value definitions in the database.

For further instructions and examples, refer to Accessing the Database Table and Changing Table Key Value Definitions.

Accessing the Database Table

Once the CxSAST (v9.0.0 and up) environment is installed and fully configured, access the database as follows:

1. Open MS SQL Server Management Studio.

2. Connect to the SQL server.

3. Go to 6436181475.png Databases > 6436181472.png CxDB > 6436181475.png Tables.

4. Change the table key value definitions as instructed in the section below.

6436181466.png

Changing Table Key Value Definitions

After accessing the database and connecting to the SQL server, do the following:

1. In the Tables folder (6436181475.png Databases > 6436181472.png CxDB > 6436181475.png Tables), right-click the required Table according to the Table/Key Value Definitions table below and then select Edit Top 200 Rows.

2. For each Key, change the Value field according to the relevant use case (refer to Use Cases).

3. Save your changes.

4. On the CxManager host, reset the IIS. To do so, run ‘iisreset’ from the elevated CMD or run 6436181478.png Restart for the relevant server in the IIS Console.

5. Restart all Cx Windows Services.

Table

Key

Value

dbo.CxComponentConfiguration

IdentityAuthority (i.e., Access Control URL)

{Protocol}://{Machine}:{Port}/CxRestAPI/auth

Default HTTP port = 80

Notice

When upgrading to v9.0.0, the IdentityAuthority value is preserved unless it is empty or set to localhost. In these cases, the full URL of your local station is added.

CxSASTManagerUri (i.e., SAST Manager URI)

{Protocol}://{Machine}:{Port}

Default HTTP port = 80

SERVER_INSTANCE_EXTERNAL_DNS_HOST_NAME (i.e., External DNS Server Host Name URL)

{Protocol}://{Machine}:{Port}

Default HTTP port = 80

CxARMURL (i.e.,CxAnalytics URL)

{Protocol}://{Machine}:{Port}

Default HTTP port = 8080

CxARMPolicyURL (i.e.,Policy Manager URL)

{Protocol}://{Machine}:{Port}

Default HTTP port = 8080

ActiveMessageQueueURL (i.e.,ActiveMQ URL)

{Protocol}://{Machine}:{Port}

Default TCP port = 61616

config.CxEngineConfigurationKeysMeta

ACTIVE_MESSAGE_QUEUE_URL (i.e.,ActiveMQ URL)

{Protocol}://{Machine}:{Port}

Default TCP port = 61616

accesscontrol.ConfigurationItems

SERVER_PUBLIC_ORIGIN

Change according to the following conditions:

  • If the machine is configured for IP, then:

    SERVER_PUBLIC_ORIGIN = {Protocol}://{Machine_IP}:{port} and

    IdentityAuthority = {protocol}://{Machine_IP}:{port}/CxRestAPI/auth

  • If the machine is configured for FQDN and SERVER_PUBLIC_ORIGIN is not empty, then:

    SERVER_PUBLIC_ORIGIN = {protocol}://{Machine_FQDN}:{port} and

    IdentityAuthority = {Protocol}//{Machine_FQDN}:{port}/CxRestAPI/auth

  • If the machine is configured for FQDN and SERVER_PUBLIC_ORIGIN is empty, then leave empty.

Notice

In all instances, the protocol should be the same for both SERVER_PUBLIC_ORIGIN and IdentityAuthority keys.