SSL/TLS Setup
Setting Up SSL Certificates for ScanSuite and DefectDojo
Since ScanSuite and DefectDojo are separate installations, each requires its own set of domain names and SSL certificates. This guide provides clear instructions to set up SSL certificates for both services.
1: Register Domain Names
Register the required domain names in your DNS configuration. For example:
scansuite.yourdomain.com
dojo.yourdomain.com
2: Stop the Servers
Before applying the SSL certificates, stop both the ScanSuite and DefectDojo servers by running:
cd ~/apps/scansuite && docker compose down -t 0
cd ~/apps/scansuite/defectdojo && docker compose down -t 0
3: Obtain SSL Certificates
Obtain SSL certificates from your local Certificate Authority (CA). If your ScanSuite server is publicly accessible, you can obtain an SSL certificate using Let's Encrypt as described below:
Install Certbot
sudo snap install certbot --classic
Generate SSL Certificates
sudo certbot certonly --register-unsafely-without-email --agree-tos -d scansuite.yourdomain.com
sudo certbot certonly --register-unsafely-without-email --agree-tos -d dojo.yourdomain.com
4: Replace SSL Keys and Certificates
For ScanSuite:
Copy the newly generated SSL certificate and key to the ~/apps/scansuite/services/nginx/certs/ directory:
Ensure that the file names cert.pem
and key.pem
are preserved.
For DefectDojo:
Copy the SSL certificate and key to the ~/apps/scansuite/defectdojo/certs directory.
Ensure that the file names nginx.crt
and nginx.key
are preserved.
Ensure both files are user readable, otherwise execute:
cd ~/apps/scansuite/defectdojo/certs && chmod +r nginx.crt nginx.key
5: Start the Servers
Start both ScanSuite and DefectDojo:
cd ~/apps/scansuite/defectdojo && docker compose up -d
cd ~/apps/scansuite && ./start-scansuite
6: Verify SSL Certificate Loading
Check the Nginx logs to confirm that the certificates are loaded correctly:
cd ~/apps/scansuite/defectdojo && docker compose logs nginx
cd ~/apps/scansuite && docker compose logs nginx
If any errors appear, double-check the certificate paths and permissions.
Last updated