Changing Protocols, the Hostname, and Ports for Checkmarx Components
Background
Several additional components have been introduced (Access Control, CxSAST, Management & Orchestration, and ActiveMQ) to the latest versions of CxSAST. The endpoints for these components are saved in the database (CxDB) as {Protocol}://{FQDN}:{Port}. Fully Qualified Domain Name (FQDN) is the complete domain name for the host and consists of the hostname and the domain name (e.g., http://mqserver.company.com:5555).
Notice
Component endpoints are saved as HTTP for clean installations (v9.0.0 and up) by default. Upgrades (to v9.0.0) keep previous component endpoint values.
Use Cases
This instruction defines the procedure for changing component endpoint configurations in the database when the current configurations need to be changed. The following use cases will determine whether and how these component endpoints should be changed.
Use-Case 1: If the machine is only reachable by the IP and not by the FQDN, for instance, if a DNS Server is not used, you will need to change the table key value definitions in the database.
Use-Case 2: If you change the CxSAST Policy Management or ActiveMQ ports after installation, you will need to change the database's table key value definitions.
Use-Case 3: If you manually configured the environment as Secure Sockets Layer (SSL), you may need to change the table key value definitions in the database.
Use-Case 4: If you rename the machine, you must change the table key value definitions in the database.
Use-Case 5: If you configured the system to connect users via a corporate proxy server, you must change the database's table key value definitions.
Use-Case 6: If you add a load balancer, for instance, in HA deployments where the load balancer endpoint is used instead of the machine name, you must change the table key value definitions in the database.
To ensure the database and the Environment variables are fully updated with the correct URIs after upgrading or installing CxSAST, use the Post-Install Utility.
Post-Installation Utility
The CxPostInstallation Utility has been introduced for all CxSAST 9.x versions to ensure the database and the Environment variables are fully updated with the correct URIs after upgrading or installing CxSAST. It can be placed anywhere on the same host as the CxManager, as long as it can connect to the database. Similarly, ensure that you have access to the database before using it.
Notice
The Post Installation Utility is located in the SAST Installer Zip File.
The CxPostInstallation Utility must be located on the CxManager host in distributed installations.
Incorrect URIs render the Web Portal inaccessible, and CxSAST cannot be used.
Right-click the shortcut to the CxPostInstallation utility and run it as an Administrator.
The Welcome screen appears.
Click <Start> to open the dialog.
Under SAST Application URI, enter the valid endpoint (URI) of your CxSAST engine server and click <Next>. The updated SAST Application URI appears. If the fields appear blank, then you are not connected to the database.
Click <Next>. A summary dialog appears, displaying the updated URIs and the current ones.
To accept the updated URIs, click <Update>. A message confirms that the CxSAST endpoints have been successfully updated. Wait for the message that your URIs have been successfully updated before exiting the tool!
Notice
To enter a different SAST Application URI, click <Back> and repeat the previous steps. To close the utility without making changes, click <x>.
Any changes to IIS must be replicated on Checkmarx to that specific port. If no port changes are indicated, then the default ports are used. Use the PostInstall Utility to align these for you.
Important
Note the value of Identity Authority URI and ActiveMQ/RabbitMQ URI to match with the environment variables.
This updates the database values and the Environment variables.
Tip
To verify the Environment variables match, you can view them in your Windows system settings. Click System > About > Advanced System Settings > Environment Variables....
Updating Standalone Engine Server
After using the Post-Installation Utility, ensure the following Environment variables match the values in the post-installation tool:
Post-Installation Utility | Engine - Environment Variable |
|---|---|
Identity Authority URI | CX_ES_ACCESS_CONTROL_URL |
ActiveMQ/RabbitMQ URI | CX_ES_MESSAGE_QUEUE_URL |