HTTPS with a Signed Certificate

Use HTTPS with a signed certificate.
By default the server uses a self-signed certificate for a secure HTTP connection. Only TLS 1.2 is supported.
If you want to use your own server certificate (X.509 certificates), it is recommended to replace `/usr/local/demisto/cert.key` with the private key and `/usr/local/demisto/cert.pem` with the certificate. To create your own certificate and key, see Create a Private Key and Certificate Signing Request (CSR).
For the certificate PEM file, you must concatenate the certificate chain one after the other in the file. The SSL certificate should come first, and the CA certificate(s) second. Only the certificate itself is needed, i.e. the text between and including `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`.
You can store the key and certificate in a different location by changing the `/etc/demisto.conf` file and adding the locations below:
{ "Security":{ "CertFile":"", "KeyFile":"" } }
Ensure both files have the correct ownership: `demisto:demisto`.
If your private key is encrypted, you need to add the key password to the one-time-configuration (OTC) file located in `/var/lib/demisto/otc.conf.json`. After the file is saved and the Cortex XSOAR server is restarted, the OTC file is automatically deleted. Add the following content to the OTC file:
{"keypass":"certpassword"}
Cortex XSOAR server does not support PKCS#8 encrypted PEM files. To validate that the file is supported, check that the "DEK-Info" header exists.
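A pre-flight check for the two file rules above (a certificate file that contains only certificate blocks, and a key that is not PKCS#8 encrypted), as an added example that is not part of the XSOAR documentation or tooling. The function names and the sample PEM bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example (not XSOAR tooling): pre-flight checks for the key and cert PEM files.

# Classify how the private key PEM is protected.
key_format() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo pkcs8-encrypted        # PKCS#8 encrypted: not supported by the server
    elif grep -q -e '^DEK-Info:' "$1"; then
        echo traditional-encrypted  # supported; password goes in the OTC file
    elif grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo unencrypted
    else
        echo unknown                # no private key block found
    fi
}

# Print "<certificate blocks> <non-blank lines outside any block>".
cert_layout() {
    awk '{ sub(/\r$/, "") }  # tolerate CRLF line endings
         /^-----BEGIN CERTIFICATE-----/ { inside = 1; certs++; next }
         /^-----END CERTIFICATE-----/   { inside = 0; next }
         !inside && NF                  { stray++ }
         END { print certs + 0, stray + 0 }' "$1"
}

# Return 0 only if the pair passes both checks; print one line per finding.
check_pair() {
    rc=0
    fmt=$(key_format "$1")
    echo "key:  $fmt"
    case $fmt in pkcs8-encrypted|unknown) rc=1 ;; esac
    set -- $(cert_layout "$2")
    echo "cert: $1 certificate block(s), $2 stray line(s)"
    [ "$1" -ge 1 ] && [ "$2" -eq 0 ] || rc=1
    return $rc
}

# With two arguments, check real files; with none, run on constructed samples.
if [ $# -eq 2 ]; then
    check_pair "$1" "$2"
else
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$d/key.pem"   # constructed, not a real key
    printf '%s\n' 'Bag Attributes' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/cert.pem"            # constructed, not a real cert
    check_pair "$d/key.pem" "$d/cert.pem" || echo "result: fix the files before restarting"
    rm -rf "$d"
fi
```

The script does not verify that the server certificate comes before the CA certificate(s); checking chain order needs an X.509 parser.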
When using a Safari browser, the self-signed certificate must be added to the OS Keychain.
