Increasing security of uploading disconnected scan results
Available from 9.2.30.
To increase security of uploading disconnected scan
results to the License Metric Tool server,
import the certificate of the License Metric Tool server to the computer where the disconnected scanner is installed.
Procedure
- If you are using the default certificate that is delivered with License Metric Tool, generate a new certificate. It is sufficient to use the self-signed certificate. However, if you want to further strengthen the security, you can generate a CA-signed certificate. For more information, see: Configuring secure communication.
- To increase the security of upload, set up secure communication between the computer on
which the disconnected scanner is installed and the License Metric Tool server:
- cURL
- On the computer from which you want to upload disconnected scan results, go to the <scanner_install_dir>/config directory, and open the setup_config.ini file.
- Change the values of the following parameters:
After:CURL_PARAMETER="-k -s"
CURL_PARAMETERS="-s --cacert <path_to_certificate_file>\<certificate_name>.crt"
Important:Where:- The value of the parameter must be provided with quotation marks on Linux and without quotation marks on Windows.
- Neither the certificate name nor its path should contain any special characters.
- <path_to_certificate_file>
- Location of the certificate.
- <certificate_name>
- Name of the certificate that you want to use.
-
PowerShell
- Install the certificate on the computer where disconnected scanner is installed:
- In the License Metric Tool web UI, click on Management > Server Settings.
- Click on Download Certificate and save the file in some local directory (make sure that the obtained Certificate's file has .cer extension).
- Double click on the certificate's file, a Certificate pop-up panel will show up.
- Click on Install Certificate and choose a Local Machine store
Important: LMT Certificate must be installed in the 'Trusted Root Certification Authorities' or 'Intermediate Certification Authorities' store. - On the computer from which you want to upload disconnected scan results, go to the <scanner_install_dir>/config directory, and open the setup_config.ini file.
- Change POWERSHELL_TRUST_ALL_CERTIFICATES parameter to FALSE.
- Install the certificate on the computer where disconnected scanner is installed:
- cURL
- For the changes to take effect, run the automation/configure.sh or automation/configure.bat script.