SSL/TLS Setup

Setting Up SSL Certificates for ScanSuite and DefectDojo

Since ScanSuite and DefectDojo are separate installations, each requires its own set of domain names and SSL certificates. This guide provides clear instructions to set up SSL certificates for both services.

1: Register Domain Names

Register the required domain names in your DNS configuration. For example:

  • scansuite.yourdomain.com

  • dojo.yourdomain.com


2: Stop the Servers

Before applying the SSL certificates, stop both the ScanSuite and DefectDojo servers by running:

cd ~/apps/scansuite && docker compose down -t 0
cd ~/apps/scansuite/defectdojo && docker compose down -t 0


3: Obtain SSL Certificates

Obtain SSL certificates from your local Certificate Authority (CA). If your ScanSuite server is publicly accessible, you can obtain an SSL certificate using Let's Encrypt as described below:

Install Certbot

sudo snap install certbot --classic

Generate SSL Certificates

sudo certbot certonly --register-unsafely-without-email --agree-tos -d scansuite.yourdomain.com
sudo certbot certonly --register-unsafely-without-email --agree-tos -d dojo.yourdomain.com


4: Replace SSL Keys and Certificates

For ScanSuite:

Copy the newly generated SSL certificate and key to the ~/apps/scansuite/services/nginx/certs/ directory:

Ensure that the file names cert.pem and key.pem are preserved.

For DefectDojo:

Copy the SSL certificate and key to the ~/apps/scansuite/defectdojo/certs directory.

Ensure that the file names nginx.crt and nginx.key are preserved.

Ensure both files are readable by the user. If they are not, run:

cd ~/apps/scansuite/defectdojo/certs && chmod +r nginx.crt nginx.key


5: Start the Servers

Start both ScanSuite and DefectDojo:

cd ~/apps/scansuite/defectdojo && docker compose up -d
cd ~/apps/scansuite && ./start-scansuite


6: Verify SSL Certificate Loading

Check the Nginx logs to confirm that the certificates are loaded correctly:

cd ~/apps/scansuite/defectdojo && docker compose logs nginx

cd ~/apps/scansuite && docker compose logs nginx

If any errors appear, double-check the certificate paths and permissions.
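
The paths-and-permissions double-check can be scripted and run after step 4, before the servers are started. The following is an added example, not part of the ScanSuite documentation: it confirms that each private key belongs to its certificate, that the certificate covers the expected hostname and is not about to expire, and that the key is not writable by group or others. The directories and file names are those from step 4; the hostnames are this guide's example names, and `check_pair` and the 7-day threshold are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example, not part of the ScanSuite documentation.
# Directories and file names are the ones from step 4; the hostnames are the
# guide's example names; check_pair and the 7-day threshold are assumptions.

# check_pair CERT KEY HOST: returns 0 when the pair is usable by Nginx.
check_pair() {
    local cert="$1" key="$2" host="$3" rc=0 cert_pub key_pub
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "FAIL: $cert or $key is missing or not readable"
        return 1
    fi
    # The public key inside the certificate must be the one the private key yields.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not belong to $cert"; rc=1
    fi
    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 604800 >/dev/null 2>&1; then
        echo "FAIL: $cert is expired or expires within 7 days"; rc=1
    fi
    # -checkhost prints "does match" or "does NOT match" for the given name.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "FAIL: $cert is not valid for $host"; rc=1
    fi
    # The key must be readable (step 4) but never writable by group or others.
    if [ -n "$(find -L "$key" -perm /022 2>/dev/null)" ]; then
        echo "FAIL: $key is writable by group or others"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cert / $key for $host"
    return "$rc"
}

# Run only on a host where ScanSuite is installed at the guide's path.
base="$HOME/apps/scansuite"
if [ -d "$base" ]; then
    status=0
    check_pair "$base/services/nginx/certs/cert.pem" \
               "$base/services/nginx/certs/key.pem" scansuite.yourdomain.com || status=1
    check_pair "$base/defectdojo/certs/nginx.crt" \
               "$base/defectdojo/certs/nginx.key" dojo.yourdomain.com || status=1
    [ "$status" -eq 0 ] || { echo "Fix the problems above before starting the servers."; exit 1; }
fi
```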
