Bitnami Code Dx Installer

NOTE: Before running the commands shown on this page, you should load the Bitnami stack environment by executing the installdir/use_APPNAME script (Linux and Mac OS X) or by clicking the shortcut in the Start Menu under "Start -> Bitnami APPNAME Stack -> Application console" (Windows). Learn more.
NOTE: When running the commands shown on this page, replace the installdir placeholder with the full installation directory for your Bitnami stack.

Description

Code Dx is a software vulnerability management system that simplifies triaging, prioritizing, and remediating vulnerabilities found via static and dynamic app security testing and manual code reviews.

License information

Code Dx is a commercial application. The Bitnami Code Dx Stack includes a free 14-day trial of Code Dx Stat! for up to 3 users.

The license can be purchased directly from Code Dx at http://codedx.com/purchase-codedx-online/.

First steps with the Bitnami Code Dx Stack

Welcome to your new Bitnami application! Here are a few questions (and answers!) you might need when first starting with your application.

What are the system requirements?

Before you download and install your application, check that your system meets these requirements.

How do I install the Bitnami Code Dx Stack?

Windows, OS X and Linux installer
  • Download the executable file for the Bitnami Code Dx Stack from the Bitnami website.

  • Run the downloaded file:

    • On Linux, give the installer executable permissions and run the installation file in the console.
    • On other platforms, double-click the installer and follow the instructions shown.

Check the FAQ instructions on how to download and install a Bitnami Stack for more details.

The application will be installed to the following default directories:

Operating System Directory
Windows C:\Bitnami\APPNAME-VERSION
Mac OS X /Applications/APPNAME-VERSION
Linux /opt/APPNAME-VERSION (running as root user)
OS X VM
  • Download the OS X VM file for the Bitnami Code Dx Stack from the Bitnami website.
  • Begin the installation process by double-clicking the image file and dragging the WordPress OS X VM icon to the Applications folder.
  • Launch the VM by double-clicking the icon in the Applications folder.

What credentials do I need?

You need application credentials, consisting of a username and password. These credentials allow you to log in to your new Bitnami application.

What is the administrator username set for me to log in to the application for the first time?

  • For Windows, Linux and OS X installers, the username was configured by you when you first installed the application.
  • For OS X VMs, the username can be obtained by clicking the Bitnami badge at the bottom right corner of the application welcome page.

What is the administrator password?

  • For Windows, Linux and OS X installers, the password was configured by you when you first installed the application.
  • For OS X VMs, the password can be obtained by clicking the Bitnami badge at the bottom right corner of the application welcome page.

How to start or stop the services?

Linux

Bitnami native installers include a graphical tool to manage services. This tool is named manager-linux-x64.run on Linux and is located in the installation directory. To use this tool, double-click the file and then use the graphical interface to start, stop or restart services. Server log messages can be checked in the "Server Events" tab.

Management tool

The native installer also includes a command-line script to start, stop and restart applications, named ctlscript.sh. This script can be found in the installation directory and accepts the options start, stop, restart, and status. To use it, log in to the server console and execute it following the examples below:

  • Call it without any service names to start all services:

      $ sudo installdir/ctlscript.sh start
    
  • Use it to restart a specific service only by passing the service name as argument - for example, mysql, postgresql or apache:

      $ sudo installdir/ctlscript.sh restart mysql
      $ sudo installdir/ctlscript.sh restart postgresql
      $ sudo installdir/ctlscript.sh restart apache
    
  • Obtain current status of all services:

      $ installdir/ctlscript.sh status
    

The list of available services varies depending on the required components for each application.

Mac OS X

Bitnami native installers include a graphical tool to manage services. This tool is named manager-osx on Mac OS X and is located in the installation directory. To use this tool, double-click the file and then use the graphical interface to start, stop or restart services. Server log messages can be checked in the "Server Events" tab.

Management tool

The native installer also includes a command-line script to start, stop and restart applications, named ctlscript.sh. This script can be found in the installation directory and accepts the options start, stop, restart, and status. To use it, log in to the server console and execute it following the examples below:

  • Call it without any service names to start all services:

    $ sudo installdir/ctlscript.sh start
    
  • Use it to restart a specific service only by passing the service name as argument - for example, mysql or apache:

     $ sudo installdir/ctlscript.sh restart mysql
     $ sudo installdir/ctlscript.sh restart apache
    
  • Obtain current status of all services:

     $ installdir/ctlscript.sh status
    

The list of available services varies depending on the required components for each application.

NOTE: If you are using the stack manager for Mac OS X-VM, please check the following blog post to learn how to manage services from its graphical tool.

Windows

Bitnami native installers include a graphical tool to manage services. This tool is named manager-windows.exe on Windows and is located in the installation directory. To use this tool, double-click the file and then use the graphical interface to start, stop or restart services. Server log messages can be checked in the "Server Events" tab.

Management tool

The Windows native installer creates shortcuts to start and stop services created in the Start Menu, under "Programs -> Bitnami APPNAME Stack -> Bitnami Service". Servers can also be managed from the Windows "Services" control panel. Services are named using the format APPNAMESERVICENAME, where APPNAME is a placeholder for the application name and SERVICENAME is a placeholder for the service name. For example, the native installer for the Bitnami WordPress Stack installs services named wordpressApache and wordpressMySQL.

These services will be automatically started during boot. To modify this behaviour, refer to the section on disabling services on Windows.

How to change the default administrator password?

If you want to change your password you could do it by following the steps below:

  • Log in to the application as an administrator.
  • Click the user name in the dropdown menu located in the header.

    Codedx password change

  • Enter the old password, then the new password twice.

    Codedx password change

  • Click "Change Password" to save your changes.

How to create a full backup of Code Dx?

The Bitnami Code Dx Stack is self-contained and the simplest option for performing a backup is to copy or compress the Bitnami stack installation directory. To do so in a safe manner, you will need to stop all servers, so this method may not be appropriate if you have people accessing the application continuously.

NOTE: If you want to create only a database backup, refer to these instructions for MySQL and PostgreSQL.

Backup on Linux and Mac OS X

Follow these steps:

  • Change to the directory in which you wish to save your backup.

     $ cd /your/directory
    
  • Stop all servers.

     $ sudo installdir/ctlscript.sh stop
    
  • Create a compressed file with the stack contents.

     $ sudo tar -pczvf application-backup.tar.gz installdir
    
  • Start all servers.

     $ sudo installdir/ctlscript.sh start
    
  • Download or transfer the application-backup.tar.gz file to a safe location.

You should now download or transfer the application-backup.tar.gz file to a safe location.

Backup on Windows

Follow these steps:

  • Stop all servers using the shortcuts in the Start Menu or the graphical manager tool.

  • Create a compressed file with the stack contents. You can use a graphical tool like 7-Zip or WinZip or just right-click the folder, click "Send to", and select the "Compressed (zipped) folder" option.

  • Download or transfer the compressed file to a safe location.

  • Start all servers using the shortcuts in the Start Menu or the graphical manager tool.

Restore on Linux and Mac OS X

Follow these steps:

  • Change to the directory containing your backup:

    $ cd /your/directory
    
  • Stop all servers.

    $ sudo installdir/ctlscript.sh stop
    
  • Move the current stack to a different location:

    $ sudo mv installdir /tmp/bitnami-backup
    
  • Uncompress the backup file to the original directory:

    $ sudo tar -pxzvf application-backup.tar.gz -C /
    
  • Start all servers.

    $ sudo installdir/ctlscript.sh start
    
IMPORTANT: When restoring, remember to maintain the original permissions for the files and folders. For example, if you originally installed the stack as the root user on Linux, make sure that the restored files are owned by root as well.

Restore on Windows

  • Change to the directory containing your backup:

       $ cd /your/directory
    
  • Stop all servers using the shortcuts in the Start Menu or the graphical manager tool.

  • Uninstall the previous services by executing the following command:

        $ serviceinstall.bat
    
  • Create a safe folder named Backups in the desktop and move the current stack to it. Remember to replace PATH with the right location of your folder:

        $ move installdir \PATH\Backups
    
  • Uncompress the backup file using a tool like 7-Zip or Winzip or just double-click the .zip file to uncompress it, and move it to the original directory.
  • Install services by running the following commands from an elevated command prompt:

      $ cd installdir
      $ serviceinstall.bat INSTALL
    
  • Start all servers using the shortcuts in the Start Menu or the graphical manager tool.

How to create an SSL certificate for Apache Tomcat?

A detailed guide is available in the official Apache Tomcat documentation at http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html.

How to enable SSL access over HTTPS?

You can configure Apache Tomcat to enable SSL access to applications using HTTPS. It is necessary to configure Tomcat with the location of the Apache SSL certificate, as described below.

  • Check that the certificate file is present at installdir/apache-tomcat/conf/ssl/tomcat.cert.pem and the certificate key file is present at installdir/apache-tomcat/conf/ssl/tomcat.key.pem.

  • Uncomment the following line in the installdir/apache-tomcat/conf/server.xml file:

       <Connector port="8443"
                  protocol="HTTP/1.1" SSLEnabled="true"
                  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                  enableLookups="false" disableUploadTimeout="true"
                  acceptCount="100" scheme="https" secure="true"
                  clientAuth="false" sslProtocol="TLS"
                  keystoreFile="conf/myKeystore"
                  keystorePass="your_password"
                  SSLCertificateFile="installdir/apache-tomcat/conf/ssl/tomcat.cert.pem"
                  SSLCertificateKeyFile="installdir/apache-tomcat/conf/ssl/tomcat.key.pem"/>
    
  • Restart the Apache Tomcat server

You should now be able to access your Web applications over HTTPS by browsing to https://localhost:8443.

How to create an SSL certificate?

OpenSSL is required to create an SSL certificate. A certificate request can then be sent to a certificate authority (CA) to get it signed into a certificate, or if you have your own certificate authority, you may sign it yourself, or you can use a self-signed certificate (because you just want a test certificate or because you are setting up your own CA).

Follow the steps below for your platform.

Linux and Mac OS X

NOTE: OpenSSL will typically already be installed on Linux and Mac OS X. If not installed, install it manually using your operating system's package manager.

Follow the steps below:

  • Generate a new private key:

     $ sudo openssl genrsa -out installdir/apache2/conf/server.key 2048
    
  • Create a certificate:

     $ sudo openssl req -new -key installdir/apache2/conf/server.key -out installdir/apache2/conf/cert.csr
    
    IMPORTANT: Enter the server domain name when the above command asks for the "Common Name".
  • Send cert.csr to the certificate authority. When the certificate authority completes their checks (and probably received payment from you), they will hand over your new certificate to you.

  • Until the certificate is received, create a temporary self-signed certificate:

     $ sudo openssl x509 -in installdir/apache2/conf/cert.csr -out installdir/apache2/conf/server.crt -req -signkey installdir/apache2/conf/server.key -days 365
    
  • Back up your private key in a safe location after generating a password-protected version as follows:

     $ sudo openssl rsa -des3 -in installdir/apache2/conf/server.key -out privkey.pem
    

    Note that if you use this encrypted key in the Apache configuration file, it will be necessary to enter the password manually every time Apache starts. Regenerate the key without password protection from this file as follows:

     $ sudo openssl rsa -in privkey.pem -out installdir/apache2/conf/server.key
    

Windows

NOTE: OpenSSL is not typically installed on Windows. Before following the steps below, download and install a binary distribution of OpenSSL.

Follow the steps below once OpenSSL is installed:

  • Set the OPENSSL_CONF environment variable to the location of your OpenSSL configuration file. Typically, this file is located in the bin/ subdirectory of your OpenSSL installation directory. Replace the OPENSSL-DIRECTORY placeholder in the command below with the correct location.

     $ set OPENSSL_CONF=C:\OPENSSL-DIRECTORY\bin\openssl.cfg
    
  • Change to the bin/ sub-directory of the OpenSSL installation directory. Replace the OPENSSL-DIRECTORY placeholder in the command below with the correct location.

     $ cd C:\OPENSSL-DIRECTORY\bin
    
  • Generate a new private key:

     $ openssl genrsa -out installdir/apache2/conf/server.key 2048
    
  • Create a certificate:

     $ openssl req -new -key installdir/apache2/conf/server.key -out installdir/apache2/conf/cert.csr
    
    IMPORTANT: Enter the server domain name when the above command asks for the "Common Name".
  • Send cert.csr to the certificate authority. When the certificate authority completes their checks (and probably received payment from you), they will hand over your new certificate to you.

  • Until the certificate is received, create a temporary self-signed certificate:

     $ openssl x509 -in installdir/apache2/conf/cert.csr -out installdir/apache2/conf/server.crt -req -signkey installdir/apache2/conf/server.key -days 365
    
  • Back up your private key in a safe location after generating a password-protected version as follows:

     $ openssl rsa -des3 -in installdir/apache2/conf/server.key -out privkey.pem
    

    Note that if you use this encrypted key in the Apache configuration file, it will be necessary to enter the password manually every time Apache starts. Regenerate the key without password protection from this file as follows:

     $ openssl rsa -in privkey.pem -out installdir/apache2/conf/server.key
    

Find more information about certificates at http://www.openssl.org.

How to enable HTTPS support with SSL certificates?

NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server.

Bitnami images come with SSL support already pre-configured and with a dummy certificate in place. Although this dummy certificate is fine for testing and development purposes, you will usually want to use a valid SSL certificate for production use. You can either generate this on your own (explained here) or you can purchase one from a commercial certificate authority.

Once you obtain the certificate and certificate key files, you will need to update your server to use them. Follow these steps to activate SSL support:

  • Use the table below to identify the correct locations for your certificate and configuration files.

    Variable Value
    Current application URL https://[custom-domain]/
      Example: https://my-domain.com/ or https://my-domain.com/appname
    Apache configuration file installdir/apache2/conf/bitnami/bitnami.conf
    Certificate file installdir/apache2/conf/server.crt
    Certificate key file installdir/apache2/conf/server.key
    CA certificate bundle file (if present) installdir/apache2/conf/server-ca.crt
  • Copy your SSL certificate and certificate key file to the specified locations.

    NOTE: If you use different names for your certificate and key files, you should reconfigure the SSLCertificateFile and SSLCertificateKeyFile directives in the corresponding Apache configuration file to reflect the correct file names.
  • If your certificate authority has also provided you with a PEM-encoded Certificate Authority (CA) bundle, you must copy it to the correct location in the previous table. Then, modify the Apache configuration file to include the following line below the SSLCertificateKeyFile directive. Choose the correct directive based on your scenario and Apache version:

    Variable Value
    Apache configuration file installdir/apache2/conf/bitnami/bitnami.conf
    Directive to include (Apache v2.4.8+) SSLCACertificateFile "installdir/apache2/conf/server-ca.crt"
    Directive to include (Apache < v2.4.8) SSLCertificateChainFile "installdir/apache2/conf/server-ca.crt"
    NOTE: If you use a different name for your CA certificate bundle, you should reconfigure the SSLCertificateChainFile or SSLCACertificateFile directives in the corresponding Apache configuration file to reflect the correct file name.
  • Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:

     $ sudo chown root:root installdir/apache2/conf/server*
    
     $ sudo chmod 600 installdir/apache2/conf/server*
    
  • Open port 443 in the server firewall. Refer to the FAQ for more information.

  • Restart the Apache server.

You should now be able to access your application using an HTTPS URL.

How to force HTTPS redirection with Apache?

Add the following to the top of the installdir/apps/codedx/conf/httpd-prefix.conf file:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

After modifying the Apache configuration files:

  • Open port 443 in the server firewall. Refer to the FAQ for more information.

  • Restart Apache to apply the changes.

How to debug Apache errors?

Once Apache starts, it will create two log files at installdir/apache2/logs/access_log and installdir/apache2/logs/error_log respectively.

  • The access_log file is used to track client requests. When a client requests a document from the server, Apache records several parameters associated with the request in this file, such as: the IP address of the client, the document requested, the HTTP status code, and the current time.

  • The error_log file is used to record important events. This file includes error messages, startup messages, and any other significant events in the life cycle of the server. This is the first place to look when you run into a problem when using Apache.

If no error is found, you will see a message similar to:

Syntax OK

How to change the Java memory settings?

The Java Virtual Machine (JVM) determines the default settings for your Java application:

JAVA_OPTS="-Xms256m -Xmx512m"

The Tomcat server uses CATALINA_OPTS to set these Java settings when running:

CATALINA_OPTS="-Xms256M -Xmx768M"

You can increase these settings if necessary by following the steps below:

Linux and Mac OS X

  • Modify the settings file installdir/apache-tomcat/bin/setenv.sh:

     $ export CATALINA_OPTS="$CATALINA_OPTS -Xms256M -Xmx768M"
    

    NOTE: You could also modify the Java Virtual Machine (JVM) settings if you prefer.

       $ export JAVA_OPTS="$JAVA_OPTS -Xms256M -Xmx768M"
    
  • Restart Tomcat after modifying the file:

     $ installdir/ctlscript.sh restart tomcat
    

Windows

  • Modify the settings file installdir/apache-tomcat/bin/setenv.bat:

     $ SET CATALINA_OPTS="%CATALINA_OPTS% -Xms256M -Xmx768M"
    

    NOTE: You could also modify the Java Virtual Machine (JVM) settings if you prefer.

       $ SET JAVA_OPTS="%JAVA_OPTS% -Xms256M -Xmx768M"
    
  • Reinstall the services after modifying the file, as shown below. Run the following commands from an elevated command prompt:

     $ cd installdir
     $ serviceinstall.bat UNINSTALL
     $ serviceinstall.bat INSTALL
    

How to debug errors in Tomcat?

The main Apache Tomcat configuration file is at installdir/apache-tomcat/conf/server.xml.

Once Apache Tomcat starts, it will create several log files in the installdir/apache-tomcat/logs directory. The main log file is the catalina.out file where you can find error messages. On some platforms, you may need root account privileges to view these files.

How to find the MariaDB database credentials?

How to connect to the MariaDB database?

You can connect to the MariaDB database from the same computer where it is installed with the mysql client tool.

$ mysql -u root -p

You will be prompted to enter the root user password. This is the same as the application password.

How to debug errors in your database?

Please note that depending on the version you have installed, you may find the MariaDB files at installdir/mysql

The main log file is created at installdir/mariadb/data/mysqld.log on the MySQL database server host.

How to reset the MariaDB root password?

Please note that depending on the version you have installed, you may find the MariaDB files at installdir/mysql

If you don't remember your MariaDB root password, you can follow the steps below to reset it to a new value:

  • Create a file in /home/bitnami/mysql-init with the content shown below (replace NEW_PASSWORD with the password you wish to use):

     UPDATE mysql.user SET Password=PASSWORD('NEW_PASSWORD') WHERE User='root';
     FLUSH PRIVILEGES;
    
  • Stop the MariaDB server:

     $ sudo installdir/ctlscript.sh stop mariadb
    
  • Start MariaDB with the following command:

     $ sudo installdir/mariadb/bin/mysqld_safe --defaults-file=installdir/mariadb/my.cnf --pid-file=installdir/mariadb/data/mysqld.pid --init-file=/home/bitnami/mysql-init 2> /dev/null &
    
  • Restart the MariaDB server:

     $ sudo installdir/ctlscript.sh restart mariadb
    
  • Remove the init script

     $ rm /home/bitnami/mysql-init
    

How to change the MariaDB root password?

You can modify the MariaDB password using the following command at the shell prompt:

$ installdir/mariadb/bin/mysqladmin -p -u root password NEW_PASSWORD

Troubleshooting Code Dx

How to debug errors in Code Dx?

The Code Dx logs are stored at *installdir/apps/codedx/codedx_appdata/log-files folder.

How to debug errors in your database?

The main MariaDB log file is created at /var/opt/codedx/mariadb_data/mysqld.log.

How to get ready to upgrade Code Dx?

If you are presented with a summary of issues during a Code Dx upgrade, you may want to clean your current installation before continuing.

Clean file system

The upgrade process expects specific file(s) or folder(s) in the installation directory. If you are presented with a list of files, you could continue with the upgrade process by following the steps below:

  • Open the installation directory (Eg: C:\Program Files\Code Dx or /opt/codedx/codedx).
  • Remove the specified file(s) or folder(s) and leave the backup folder (backup-timestamp), the upgrade.ini file, and the properties.ini file.

Free ports

The upgrade process requires certain ports to be available. If you are presented with a list of ports, you could free them by following the steps below:

NOTE: In the example below, we will assume we have been presented with the port "8009".
Windows
  • Open the "Resource Monitor" application as an administrator.
  • Click the "Network" tab.
  • Click the "TCP Connections" bar to see a list of TCP connections stablished.
  • Look for one of the ports in the presented list:

    Codedx system ready

  • In order to continue with the upgrade process, you have to make sure that the presented ports are available. You have two options to do so:
    • Option 1: If you see a process using your port in the "Image" column, you should stop the service or application that spawned that process or end the current process:
      • Open the "Task Manager", search for the process name in the "Details" tab.
      • Right-click on the process and select the "End process tree" option.

        Codedx system ready

    • Option 2: If you see a "-" in the "Image" column, associated with your port, please wait until it disappears from the list.

      Codedx system ready

Linux and OS X
  • List the processes listening a TCP connection using the command line:

     $ sudo lsof -iTCP:8009 -sTCP:LISTEN
     COMMAND   PID    USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
     java    81106 bitnami   50u  IPv4 40576813      0t0  TCP *:8009 (LISTEN)
    
  • In order to continue with the upgrade process, you have to make sure that the presented ports are available. You should stop the service that spawned the process or end the current process (see the number under the PID column):

     $ sudo kill -15 81106
    

Remove services

On Windows, the upgrade process requires specific Code Dx services. Other Code Dx services should be removed. If you are presented with a list of services, you could remove them by following the steps below:

NOTE: In the example below, we will assume we have been presented with the service "CodeDxMariaDB".
  • Open the "Command Prompt" application as an administrator.
  • Remove the presented service by doing:

     > sc delete CodeDxMariaDB
     [SC] DeleteService SUCCESS
    

How to restore a previous Code Dx installation?

If you were upgrading Code Dx and the process failed, you can recover your previous installation by following the next steps:

  • Stop all services using the graphical manager or the command line:

     $ cd installdir
     $ ./ctlscript.sh stop
    
  • Clean your installation directory except the backup-DATETIME directory.

     $ cd installdir
     $ rm -rf !(backup-*)
    
  • Copy the content of the backup sub-directory to the installation directory.

     $ cd installdir
     $ cp -r backup-DATETIME/backup/* .
    

    The backup directory has the date and time of the backup as a suffix. Please remember to replace the placeholders in the previous command with the correct values.

  • If Code Dx was installed on Linux as the root user or on Windows, restore the Code Dx data to the external directory where Code Dx data is stored. This directory is /var/opt/ for Linux and C:\ProgramData* for Windows. Copy the *backup/codedx/codedx_data subdirectory to this directory, such that the result is /var/opt/codedx for Linux or C:\ProgramData\codedx for Windows.

  • If Code Dx was installed on Linux as the root user, set the correct file permissions.

     $ cd installdir/apache-tomcat
     $ sudo chown -R tomcat:tomcat conf/ logs/ temp/ webapps/ work/
     $ cd /var/opt/codedx/mariadb_data
     $ sudo chown -R mysql *
    
  • Start all services using the graphical manager or the command line:

     $ cd installdir
     $ ./ctlscript start    
    

How to run a code analysis?

In this example we will be analysing the source code from a Github repository but you could also upload your own .zip file with your source code.

  • Go to the "Projects" tab and create a new project by clicking the "New Project" button.

    Code Dx code analysis

  • Click on the cogwheel icon in the top right corner and select "Git Config".

    Code Dx code analysis

  • Enter the URL to the Github repository and click "Ok".

    Code Dx code analysis

  • When Code Dx finishes cloning the repository, click the "New Analysis" button, followed by the "Begin Analysis" button to launch the analysis.

    Code Dx code analysis

  • Upon completion of the analysis, click the "here" link to see the results.

    Code Dx code analysis

How to skip the disk space validation on Windows?

If you were upgrading Code Dx on Windows and the process was unable to calculate the installation or the backup size, you need to validate the disk space by following the steps below:

  • Check the size of your current installation and data directories.

  • Make sure you have enough disk space for the installer to perform a backup of the installation and data directories.

  • Open a command prompt and move to the folder where you downloaded the new installer. In this example, the folder is the C:\Users\Administrator\Downloads folder; replace this with the correct path for your system.

    $ cd C:\Users\Administrator\Downloads
    
  • Run the installer as follow. Remember to replace the VERSION and REV placeholders with the correct values.

    $ codedx-VERSION-REV-windows-x64-installer.exe --codedx_skip_disk_space_validation 1
    

How to use a PFX certificate and private key with Code Dx?

The Code Dx installer can accept CRT, CER and KEY files for SSL configuration. You can generate these from the PFX file with the OpenSSL binary.

Follow the steps below for your platform.

Linux and Mac OS X

NOTE: OpenSSL will typically already be installed on Linux and Mac OS X. If not installed, install it manually using your operating system's package manager.

Follow the steps below:

  • Execute the following commands to generate the required files from your PFX file:

     $ openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.cer
     $ openssl pkcs12 -in domain.pfx -nocerts -nodes  -out domain.key
     $ openssl pkcs12 -in domain.pfx -nodes -nokeys -cacerts -out domain-ca.crt
    

    You will be prompted for a password as you execute each command. This is the password that was configured when the PFX file was first generated.

  • View the generated private key to see if it is encrypted. If the first line of the private key file contains the text BEGIN ENCRYPTED PRIVATE KEY, it is encrypted and you must decrypt it before proceeding. Execute the following command to decrypt the private key:

    $ openssl rsa -in domain.key -out domain-rsa.key
    

    Verify that the first line of the key now contains the text BEGIN RSA PRIVATE KEY, which indicates that it is no longer encrypted.

Once the necessary files are generated, select them in the "Configure SSL Settings" page of the installer and proceed with the installation in the usual manner.

Windows

NOTE: OpenSSL is not typically installed on Windows. Before following the steps below, download and install a binary distribution of OpenSSL.

Follow the steps below once OpenSSL is installed:

  • Set the OPENSSL_CONF environment variable to the location of your OpenSSL configuration file. Typically, this file is located in the bin/ subdirectory of your OpenSSL installation directory. Replace the OPENSSL-DIRECTORY placeholder in the command below with the correct location.

     $ set OPENSSL_CONF=C:\OPENSSL-DIRECTORY\bin\openssl.cfg
    
  • Change to the bin/ sub-directory of the OpenSSL installation directory. Replace the OPENSSL-DIRECTORY placeholder in the command below with the correct location.

     $ cd C:\OPENSSL-DIRECTORY\bin
    
  • Execute the following commands to generate the required files from your PFX file:

     $ openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.cer
     $ openssl pkcs12 -in domain.pfx -nocerts -nodes  -out domain.key
     $ openssl pkcs12 -in domain.pfx -nodes -nokeys -cacerts -out domain-ca.crt
    

    You will be prompted for a password as you execute each command. This is the password that was configured when the PFX file was first generated.

  • View the generated private key to see if it is encrypted. If the first line of the private key file contains the text BEGIN ENCRYPTED PRIVATE KEY, it is encrypted and you must decrypt it before proceeding. Execute the following command to decrypt the private key:

    $ openssl rsa -in domain.key -out domain-rsa.key
    

    Verify that the first line of the key now contains the text BEGIN RSA PRIVATE KEY, which indicates that it is no longer encrypted.

Once the necessary files are generated, select them in the "Configure SSL Settings" page of the installer and proceed with the installation in the usual manner.

nativeInstaller

Bitnami Documentation