Configure an Engine to Use Custom Certificates - Administrator Guide - 6.6 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.6
Creation date
2022-09-29
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Replace the self-signed certificate for an engine with a valid CA certificate for communication tasks.

For communication tasks that go through an engine, you can replace the default self-signed certificate for the engine with your own certificate.

  1. Find the two files created by the engine. The default location is /usr/local/demisto.

    d1.key.pem

    d1.cert.pem

  2. Replace the contents of these files with your own certificates.

  3. Change file owner to demisto:

    chown -R demisto:demisto d1.key.pem

    chown -R demisto:demisto d1.cert.pem

  4. Set the file permissions:

    chmod 600 d1.key.pem

    chmod 644 d1.cert.pem

  5. (Optional) If you are using a key passphrase for your custom certificate, add the passphrase to your engine configuration:

    1. Go to SettingsEngines.

    2. Create New Engine and provide an engine name or select an existing engine and Edit Configuration.

    3. Select Use a passphrase for the engine certificate private key.

    4. Click Save.