
Configuring the build agent to run over HTTPS

By default, Builder runs over the HTTP protocol. The keytool utility, which is included in JDK 11, is used to generate the key and certificate. To configure the Builder agent to work over the HTTPS protocol:

On the Builder agent server side

  1. Generate a key store, keystore.jks, containing a certificate for Builder. The absolute path to the keytool utility is /opt/derscanner/builder/environment/openjdk11/bin/keytool. Example command:

    keytool -genkey -alias builder -keyalg RSA \
      -storepass keystore-file-password -keystore keystore.jks -validity 3650

    The parameters storepass (key store password) and validity (key store validity period in days) can be configured.

  2. Extract the self-signed certificate builder.cer from the key store by running the command in the directory with the created key store file keystore.jks:

    keytool -export -alias builder -storepass keystore-file-password \
      -file builder.cer -keystore keystore.jks

  3. Modify /opt/derscanner/configs/derscanner.env by specifying the path to the key store file and the key store password, for example:

    JKS_PASSWORD=keystore-file-password
    JKS_PATH=/opt/derscanner/builder/keystore.jks

  4. Optional. Change the agent port to a more conventional one in the file /opt/derscanner/configs/builder.env, for example:

    AST_BUILDER_PORT=8443

  5. Restart the Builder agent service:

    sudo systemctl restart derscanner-builder.service

On the APP module server side

  1. Transfer the obtained builder.cer certificate file to the server under a file name unique to this agent, for example: builder-agent-1.cer.

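  2. Modify the /opt/derscanner/app/configs/backend.env file by adding the value -Djdk.internal.httpclient.disableHostnameVerification to the CATALINA_OPTS field. This property turns off TLS hostname verification in the JVM's java.net.http client, so the connection to the agent is authenticated only by the certificate added to the trusted certificates in the next step. For example:

    CATALINA_OPTS="-Xms1024M -Xmx8192M -Djdk.internal.httpclient.disableHostnameVerification"

  3. Add the builder-agent-1.cer certificate to the trusted certificates (see Adding self-signed and CA certificates to trusted for HTTPS and LDAPS).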

  4. Reconfigure the connection to the build tool to HTTPS in the DerScanner UI: Admin Panel > System > General > Build Tools (see Build agents).
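
With hostname verification disabled, trust in the agent rests entirely on the imported certificate, so it is worth confirming that the file copied to the APP server is the one exported on the agent before adding it to the trusted certificates. The script below is an added example, not part of the DerScanner documentation; the function names and the sample keytool output are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the transferred certificate is the agent's own.

# Read `keytool -printcert` or `keytool -list -v` output on stdin and print the
# first SHA-256 fingerprint as upper-case hex without colons.
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 |
        tr -d ': \r' | tr 'a-f' 'A-F'
}

# Normalise a fingerprint pasted by an operator (colons, spaces, case).
normalize_fp() {
    printf '%s' "$1" | tr -d ': \r\n' | tr 'a-f' 'A-F'
}

# True only when the first value is a complete 64-hex-digit SHA-256 fingerprint
# and the second is identical; empty or truncated values never match.
same_fingerprint() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in ''|*[!0-9A-F]*) return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# verify_cert FILE EXPECTED
#   FILE:     certificate copied to the APP server (builder-agent-1.cer)
#   EXPECTED: fingerprint read on the agent, e.g. from
#             keytool -list -v -alias builder -keystore keystore.jks
verify_cert() {
    actual=$(keytool -printcert -file "$1" | extract_sha256)
    if same_fingerprint "$actual" "$2"; then
        echo "OK: $1 matches the agent certificate"
    else
        echo "MISMATCH: do not import $1" >&2
        return 1
    fi
}

# Constructed sample of keytool output (not a real certificate).
SAMPLE_OUTPUT='Owner: CN=builder-agent-1
Certificate fingerprints:
     SHA1: 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67
     SHA256: AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89'
```

Source the script on the APP server and call verify_cert with the certificate file and the fingerprint read on the agent; a non-zero exit status means the file should not be imported.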