SSL Certificate on Fortify ScanCentral Sensor on k8s

I'm trying to stand up a Fortify ScanCentral Sensor on k8s, but I can't figure out how to get the Sensor to communicate with my ScanCentral Controller. It's certainly a problem with the SSL key. I must be passing it in to the container wrong. Anybody have any details on the right way to do it? Also, when done correctly, will the cacerts file in jre/lib/security/cacerts be updated?

  • Suggested Answer

    Turns out the 22.1 image's entrypoint.sh file is missing the steps required to properly update the cacerts file. This was fixed in 23.x. I have asked for the 22.1 image to be updated, but I'm not sure it will happen.

  • Reply

    Hi,

    For me it's still not working with fortifydocker/scancentral-sast-sensor:23.2.0.0125

    Now:

    * a /fortify/scancentral-truststore is created (based on the cacerts) with the certs mounted in SCANCENTRAL_CONFIG_TRUSTED_CERTS_DIR

    * then sourceanalyzer is started using -Djavax.net.ssl.trustStore=/fortify/scancentral-truststore, but it's not taken into account

    The only way to make it work is to change the /app/sca/jre/lib/security/cacerts (and not use SCANCENTRAL_CONFIG_TRUSTED_CERTS_DIR).

    Adrien
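
A triage helper for the symptom described in the reply above, added here as an example (it is not from the thread or from the Fortify image): given a JVM's arguments, it reports which trust store file JSSE's default lookup would load, so each java process in the sensor container can be compared against the expected /fortify/scancentral-truststore. The function names and the /proc walk are assumptions of this example.

```shell
#!/bin/sh
# Added triage example; not part of the Fortify image or of the thread.

# effective_truststore JAVA_HOME   (JVM arguments on stdin, one per line)
# Prints the file JSSE's default trust manager loads for that command line:
# the last -Djavax.net.ssl.trustStore=... given as a JVM option, otherwise
# JAVA_HOME/lib/security/jssecacerts if present, otherwise .../cacerts.
effective_truststore() (
  java_home=$1; store=""; skip=0
  while IFS= read -r arg; do
    if [ "$skip" -eq 1 ]; then skip=0; continue; fi
    case $arg in
      -Djavax.net.ssl.trustStore=*) store=${arg#*=} ;;
      -cp|-classpath|--class-path|-p|--module-path) skip=1 ;;  # option takes a value
      -jar) break ;;  # what follows is the jar and application arguments
      -*) ;;          # any other JVM option
      *) break ;;     # main class: a later -D is an application argument
    esac
  done
  if [ -n "$store" ]; then
    printf '%s\n' "$store"
  elif [ -f "$java_home/lib/security/jssecacerts" ]; then
    printf '%s\n' "$java_home/lib/security/jssecacerts"
  else
    printf '%s\n' "$java_home/lib/security/cacerts"
  fi
)

# report_jvm_truststores: run inside the sensor container. Prints one line,
# "PID<TAB>trust store", per java process (parent and children) under /proc.
report_jvm_truststores() (
  for dir in /proc/[0-9]*; do
    exe=$(readlink "$dir/exe" 2>/dev/null) || continue
    case $exe in */bin/java) ;; *) continue ;; esac
    # cmdline is NUL-separated; drop argv[0] and feed the rest line by line.
    store=$(tr '\0' '\n' < "$dir/cmdline" 2>/dev/null | tail -n +2 |
            effective_truststore "${exe%/bin/java}")
    printf '%s\t%s\n' "${dir#/proc/}" "$store"
  done
)
```

The helper only reflects the command line: a program that builds its own SSLContext or sets the property at runtime is not covered, and neither are options injected through environment variables.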