Changing Protocols, the Hostname, and Ports for Checkmarx Components
Background
Several additional components have been introduced (Access Control, CxSAST, Management & Orchestration, and ActiveMQ) to the latest versions of CxSAST. The endpoints for these components are saved in the database (CxDB) as {Protocol}://{FQDN}:{Port}. Fully Qualified Domain Name (FQDN) is the complete domain name for the host and consists of the hostname and the domain name (e.g., http://mqserver.company.com:5555).
Notice
Component endpoints are saved as HTTP for clean installations (v9.0.0 and up) by default. Upgrades (to v9.0.0) keep previous component endpoint values.
Use Cases
This instruction defines the procedure for changing component endpoint configurations in the database when the current configurations need to be changed. The following use cases will determine whether and how these component endpoints should be changed.
Use-Case 1: If the machine is only reachable by the IP and not by the FQDN, for instance, if a DNS Server is not used, you will need to change the table key value definitions in the database.
Use-Case 2: If you change the CxSAST Policy Management (CxARM UI) or ActiveMQ ports after installation, you will need to change the database's table key value definitions.
Use-Case 3: If you manually configured the environment as Secure Sockets Layer (SSL), you may need to change the table key value definitions in the database.
Use-Case 4: If you rename the machine, you must change the table key value definitions in the database.
Use-Case 5: If you configured the system to connect users via a corporate proxy server, you must change the database's table key value definitions.
Use-Case 6: If you add a load balancer, for instance, in HA deployments where the load balancer endpoint is used instead of the machine name, you must change the table key value definitions in the database.
For further instructions and examples, refer to Accessing the Database Table and Changing Table Key Value Definitions.
Changing Table Key Value Definitions
After accessing the database and connecting to the SQL server, do the following:
1. In the Tables folder (
Databases > 
CxDB > Tables), right-click the required Table according to the Table/Key Value Definitions table below and then select Edit Top 200 Rows.
2. For each Key, change the Value field according to the relevant use case (refer to Use Cases).
3. Save your changes.
4. On the CxManager host, reset the IIS. To do so, run ‘iisreset’ from the elevated CMD or run 
Restart for the relevant server in the IIS Console.
5. Restart all Cx Windows Services.
Table | Key | Value |
|---|---|---|
dbo.CxComponentConfiguration | IdentityAuthority (i.e., Access Control URL) | {Protocol}://{Machine}:{Port}/CxRestAPI/auth Default HTTP port = 80 NoticeWhen upgrading to v9.0.0, the IdentityAuthority value is preserved unless it is empty or set to localhost. In these cases, the full URL of your local station is added. |
CxSASTManagerUri (i.e., SAST Manager URI) | {Protocol}://{Machine}:{Port} Default HTTP port = 80 | |
SERVER_INSTANCE_EXTERNAL_DNS_HOST_NAME (i.e., External DNS Server Host Name URL) | {Protocol}://{Machine}:{Port} Default HTTP port = 80 | |
CxARMURL (i.e.,CxAnalytics URL) | {Protocol}://{Machine}:{Port} Default HTTP port = 8080 | |
CxARMPolicyURL (i.e.,Policy Manager URL) | {Protocol}://{Machine}:{Port} Default HTTP port = 8080 | |
ActiveMessageQueueURL (i.e.,ActiveMQ URL) | {Protocol}://{Machine}:{Port} Default TCP port = 61616 | |
config.CxEngineConfigurationKeysMeta | ACTIVE_MESSAGE_QUEUE_URL (i.e.,ActiveMQ URL) | {Protocol}://{Machine}:{Port} Default TCP port = 61616 |
accesscontrol.ConfigurationItems | SERVER_PUBLIC_ORIGIN | Change according to the following conditions:
NoticeIn all instances, the protocol should be the same for both SERVER_PUBLIC_ORIGIN and IdentityAuthority keys. |