May I ask what documentation you are following?
Here are the steps in brief:
Copy the default server.xml config to the "local" folder, and set its correct ownership, by running the next commands:
sudo cp $JSONAR_BASEDIR/sonarfinder/conf/server.xml $JSONAR_LOCALDIR/sonarfinder/
sudo chown sonarw.sonar $JSONAR_LOCALDIR/sonarfinder/server.xml
Copy the Certificate files to the "local" folder and set their permissions:
sudo mkdir $JSONAR_LOCALDIR/ssl/certs
sudo cp <certificate and key files> $JSONAR_LOCALDIR/ssl/certs/
sudo chown -R sonarw.sonar $JSONAR_LOCALDIR/ssl/certs
Edit the local server.xml file that we copied in the first step, $JSONAR_LOCALDIR/sonarfinder/server.xml:
<SSLHostConfig protocols="+TLSv1.2+TLSv1.1"
.....
<Certificate certificateKeyFile="<Full Path to the key>"
certificateFile="<Full Path to the certificate>"
type="RSA"/>
</SSLHostConfig>
Note: Must set full path to the certificate and key, do not use any environment variables.
Restart sonarfinder and test:
systemctl restart sonarfinder
------------------------------
Sarvesh Lad
Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
------------------------------
Original Message:
Sent: 12-23-2022 11:26
From: Tyler Somers
Subject: CA Signed Certs in v4.10
Has anyone tried using CA signed certs in version 4.10? I am able to get our browser cert working by modifying the SonarFinder server.xml file in my local directory, however, when I do this it breaks the SSL to our agentless gateways. Seems the assets in v4.10 are synched via a playbook and the call to our agentless gateway endpoint is failing to create an SSL connection.
Just curious if anyone has had any luck getting this to work as the process is not documented anywhere.
#DatabaseActivityMonitoring
#jSonar
------------------------------
Tyler Somers
Senior Security Engineer
Chicago, IL
------------------------------
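
A pre-restart check for the server.xml edit described in the reply above, as an added example that is not part of either post and is not vendor code: it reads the certificateKeyFile and certificateFile values from the local server.xml and rejects paths that use environment variables, are not full paths, or do not exist. The function names are hypothetical, and the world-readable key check is an assumption that goes beyond what the thread states.

```shell
#!/bin/sh
# Added example, not vendor code: sanity-check the <Certificate> paths in the
# local server.xml before "systemctl restart sonarfinder".

# Print each value of attribute $1 in XML file $2, skipping <!-- ... --> comments.
attr_values() {
    tr '\n' ' ' < "$2" | awk '{
        s = $0; out = ""
        while ((i = index(s, "<!--")) > 0) {
            out = out substr(s, 1, i - 1); s = substr(s, i + 4)
            j = index(s, "-->"); s = (j > 0) ? substr(s, j + 3) : ""
        }
        print out s
    }' | grep -o "$1=\"[^\"]*\"" | cut -d'"' -f2
}

# Check one path ($2) of kind $1 ("key" or "cert"); print the problem and return 1.
check_path() {
    case $2 in
        *'$'*) echo "FAIL $1 $2: environment variable in path"; return 1 ;;
        /*)    ;;
        *)     echo "FAIL $1 $2: not a full path"; return 1 ;;
    esac
    [ -f "$2" ] || { echo "FAIL $1 $2: file not found"; return 1; }
    # Assumption beyond the post: a private key should not be readable by "other".
    if [ "$1" = key ]; then
        case $(ls -ldL "$2") in
            ???????r*) echo "FAIL $1 $2: key is world-readable"; return 1 ;;
        esac
    fi
    return 0
}

# Return 0 only if server.xml ($1) names at least one key and every path passes.
check_cert_paths() {
    rc=0
    [ -r "$1" ] || { echo "FAIL cannot read $1"; return 1; }
    keys=$(attr_values certificateKeyFile "$1")
    certs=$(attr_values certificateFile "$1")
    [ -n "$keys" ] || { echo "FAIL no certificateKeyFile in $1"; return 1; }
    while IFS= read -r p; do check_path key "$p" || rc=1; done <<EOF
$keys
EOF
    while IFS= read -r p; do [ -z "$p" ] || check_path cert "$p" || rc=1; done <<EOF
$certs
EOF
    return $rc
}
```

Run it as check_cert_paths "$JSONAR_LOCALDIR/sonarfinder/server.xml"; it only validates the file paths and does not test the TLS connection to the gateways.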