# SSL/TLS Setup

Since ScanSuite and DefectDojo are separate installations, each requires its own set of domain names and SSL certificates. This guide provides clear instructions to set up SSL certificates for both services.

### 1: Register Domain Names

Register the required domain names in your DNS configuration. For example:

* `scansuite.yourdomain.com`
* `dojo.yourdomain.com`

***

### 2: Stop the Servers

Before applying the SSL certificates, stop both the ScanSuite and DefectDojo servers by running:

`cd ~/apps/scansuite && docker compose down -t 0`\
`cd ~/apps/scansuite/defectdojo && docker compose down -t 0`

***

### 3: Obtain SSL Certificates

Obtain SSL certificates from your local Certificate Authority (CA). \
\
If your ScanSuite server is publicly accessible, you can obtain an SSL certificate using Let's Encrypt as described below:

#### Install Certbot

`sudo snap install certbot --classic`

#### Generate SSL Certificates

`sudo certbot certonly --register-unsafely-without-email --agree-tos -d scansuite.yourdomain.com`\
`sudo certbot certonly --register-unsafely-without-email --agree-tos -d dojo.yourdomain.com`

***

### 4: Replace SSL Keys and Certificates

#### For ScanSuite:

Copy the newly generated SSL certificate and key to the **\~/apps/scansuite/services/nginx/certs/** directory:

Ensure that the file names `cert.pem` and `key.pem` are preserved.

<figure><img src="https://4294115650-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnKyTIO2cfH1PztWRwJEe%2Fuploads%2F8uFI7E9LaCuPZX4eTy3o%2Fimage.png?alt=media&#x26;token=1e433ed0-93da-4b81-819e-fa4d7661e66b" alt=""><figcaption></figcaption></figure>

#### For DefectDojo:

Copy the SSL certificate and key to the **\~/apps/scansuite/defectdojo/certs** directory.

Ensure that the file names `nginx.crt` and `nginx.key` are preserved.

<figure><img src="https://4294115650-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnKyTIO2cfH1PztWRwJEe%2Fuploads%2FcsyUwE2T2MHjC4gAXvOl%2Fimage.png?alt=media&#x26;token=634692ef-bc8f-492f-a131-092cabbafbcc" alt=""><figcaption></figcaption></figure>

Ensure both files are user readable, otherwise execute:

`cd ~/apps/scansuite/defectdojo/certs && chmod +r nginx.crt nginx.key`

***

### 5: Start the Servers

Start both ScanSuite and DefectDojo:

`cd ~/apps/scansuite/defectdojo && docker compose up -d`\
`cd ~/apps/scansuite && ./start-scansuite`

***

### 6: Verify SSL Certificate Loading

Check the Nginx logs to confirm that the certificates are loaded correctly:

`cd ~/apps/scansuite/defectdojo && docker compose logs nginx`

`cd ~/apps/scansuite && docker compose logs nginx`&#x20;

If any errors appear, double-check the certificate paths and permissions.