Installing the AppScan Central Platform
- Download and extract ASCP installer files to a target installation directory.
- Preconfigure AppScan 360° settings.
- Install ASCP with components configured in step 2.
- Configure connections to ASCP and the AppScan 360° server.
Downloading and extracting installation files
- Download the ASCP installer from HCL License and Download Portal.
- In the folder to which the installer was downloaded, run the executable file:
[AppScan360 installer].exe
This creates and populates a folder named AppScan360 in the folder in which it is run.
- To specify a different destination folder, specify the destination on the command line:
[AppScan360 installer].exe -o"[c:[destination]"
Preconfiguring AppScan 360° settings
- In the extraction directory, locate the install.config file and open it in a text editor.
- Edit the parameters in the file according to your requirements. These parameters are critical for AppScan 360° to function.
Note: The supported certificate formats are PFX or Certificate and Key pair (PEM).
Parameter | Description |
---|---|
DB_NAME=<AppScan360_db_name> | Database name. It is created at the database instance provided below. |
DB_HOST=<db.domain.com> | The name of the machine with MSSQL server installed. |
DB_USERNAME=<db_admin_username> | A database user with db-creator permissions. |
DB_PASSWORD=<db_admin_password> | The password for the above user. |
Parameter | Description |
---|---|
SAST_SERVICE_FQDN=<sast.domain.com> | Static analysis FQDN (without scheme or path). |
USE_EXTERNAL_SERVER_CERTIFICATE=<True/False> | Configure this option if you want to use your own PFX format certificate for your AppScan 360° web application. If you do not, a self-signed PFX format certificate is generated during the installation process. This option affects the next four parameters. |
PFX certificate | |
SERVER_PFX_FILE_PATH=<absolute path to PFX file> | The path to your PFX certificate file. |
SERVER_PFX_FILE_PASS=<password> | The password for the PFX certificate file. Note: If you configure your own PFX file, any CRT file parameters will be ignored. |
PEM certificate | |
SERVER_CRT_FILE_PATH=<absolute path to CRT file> | The path to your PEM certificate file. |
SERVER_KEY_FILE_PATH=<absolute path to KEY file> | The path to your PEM certificate key file. |
Self-signed certificate | |
CUSTOM_USERSITE_FQDN=<site.company.com> | If you choose not to use your own certificate, a self-signed certificate is created for you. You can specify here the DNS name of your choice. Make sure this FQDN is DNS resolvable. |
LDAP | |
USE_LDAP=False | To enable LDAP authentication, set to True. |
LDAP_USERNAME= | User with LDAP read permissions. |
LDAP_PASSWORD= | Password for the above user. |
LDAP_DOMAIN= | LDAP domain. |
EXTERNAL_IDP_MODE=AutoOnboard | Define your method for on-boarding new users: |
LDAP_AUTHORIZED_GROUPS= | When EXTERNAL_IDP_MODE is set to GroupsAccess, list the name(s) of the groups whose members will be authorized automatically. |
SMTP | |
MAIL_SMTP_HOST= | SMTP server host name. |
MAIL_SMTP_PORT= | SMTP server port. |
MAIL_SMTP_ENABLE_SSL= | Use SSL for SMTP. |
MAIL_SMTP_USERNAME= | SMTP server username. |
MAIL_SMTP_PASSWORD= | SMTP server password. |
MAIL_SMTP_SITE_URL= | Site URL. Used to create a link in the emails. |
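The parameter rules in the tables above can be checked before the installer runs. The following PowerShell is an added example, not part of the HCL installer: the function names (Read-InstallConfig, Test-Unset, Test-InstallConfig) are hypothetical, the sample values are constructed, and applying the group check only when USE_LDAP=True is an assumption.

```powershell
# Added example: pre-install check of install.config. Not part of the HCL installer.
function Read-InstallConfig([string[]]$Lines) {
    $cfg = @{}
    foreach ($line in $Lines) {
        $i = $line.IndexOf('=')
        if ($i -lt 1) { continue }   # skip blank lines and lines without KEY=
        $cfg[$line.Substring(0, $i).Trim()] = $line.Substring($i + 1).Trim()
    }
    $cfg
}

function Test-Unset($Value) { -not $Value -or $Value -match '^<.*>$' }  # empty or <placeholder>
function Test-InstallConfig([hashtable]$Cfg) {
    # Each finding is emitted as a string; no output means no problem was found.
    foreach ($k in 'DB_NAME', 'DB_HOST', 'DB_USERNAME', 'DB_PASSWORD', 'SAST_SERVICE_FQDN') {
        if (Test-Unset $Cfg[$k]) { "$k is empty or still a template placeholder" }
    }
    if ($Cfg['SAST_SERVICE_FQDN'] -match '/') { 'SAST_SERVICE_FQDN must not contain a scheme or path' }
    if ($Cfg['USE_EXTERNAL_SERVER_CERTIFICATE'] -eq 'True') {
        $pfx = $Cfg['SERVER_PFX_FILE_PATH']
        $crt = $Cfg['SERVER_CRT_FILE_PATH']
        $key = $Cfg['SERVER_KEY_FILE_PATH']
        if (-not $pfx -and -not ($crt -and $key)) { 'Own certificate requested, but no PFX or CRT+KEY pair set' }
        if ($pfx -and ($crt -or $key)) { 'PFX is set, so the CRT/KEY parameters will be ignored' }
        foreach ($p in $pfx, $crt, $key) {
            if ($p -and -not [System.IO.Path]::IsPathRooted($p)) { "Certificate path is not absolute: $p" }
        }
    }
    # Assumption: the on-boarding mode only matters when LDAP authentication is enabled.
    if ($Cfg['USE_LDAP'] -eq 'True' -and $Cfg['EXTERNAL_IDP_MODE'] -eq 'GroupsAccess' -and
        -not $Cfg['LDAP_AUTHORIZED_GROUPS']) {
        'EXTERNAL_IDP_MODE=GroupsAccess requires LDAP_AUTHORIZED_GROUPS'
    }
}

# Constructed sample with deliberate mistakes; all values are made up.
$sample = @'
DB_NAME=AppScan360
DB_HOST=db.example.test
DB_USERNAME=ascp_installer
DB_PASSWORD=<db_admin_password>
SAST_SERVICE_FQDN=https://sast.example.test/
USE_EXTERNAL_SERVER_CERTIFICATE=True
SERVER_PFX_FILE_PATH=certs\site.pfx
SERVER_CRT_FILE_PATH=C:\certs\site.crt
USE_LDAP=True
EXTERNAL_IDP_MODE=GroupsAccess
LDAP_AUTHORIZED_GROUPS=
'@ -split '\r?\n'
Test-InstallConfig (Read-InstallConfig $sample) | ForEach-Object { "WARN: $_" }
```

To check a real file, pass `(Get-Content .\install.config)` to Read-InstallConfig in place of `$sample`.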
Installing AppScan Central Platform
The install process sets up websites on ports 80, 443, and 8081. To avoid conflicts, make sure that no existing site on the installation machine uses any of these ports.
Ports 80 and 443 must be open for all AppScan 360° users in your organization.
This process installs peripheral software, updates Windows Server features, creates IIS components, and configures the products based on the AppScan 360° settings you configured.
- Open Windows PowerShell as an Administrator.
- Navigate to the AppScan 360° installation folder and run:
.\install.ps1 -installdb
After a few minutes, a confirmation shows that AppScan 360° is installed and ready to use.
Important: To run scans you must activate AppScan 360° with a license key.
Note: During this process, a copy of install.config, named ascp.config, is saved in the same folder. This will be used when upgrading, to preserve your configuration.
In addition, the following installation options can be used to perform specific tasks:
Parameter | Use to... |
---|---|
-installdb | Create a new database or apply updates to an existing one. |
-reconfigure | Re-read the configuration settings from the AppScan360.config file or install an update package. |
-sslpass | Provide an SSL certificate password instead of providing it interactively during installation. |
Configure connections to ASCP and the AppScan 360° server
SSL setting
AppScan 360° supports either a self-signed certificate (created automatically during installation) or a user-provided certificate.
Root CA certificate
ASCP installation creates a self-signed root CA certificate which is used to create internal certification for secure communication between ASCP and AppScan 360° Static Analysis. It encrypts all communication between ASCP and the various engines connected to it.
<installation_folder>\Certs\
The Root CA certificate must also be installed on every machine that accesses ASCP and the AppScan 360° server.
To see how to pass this certificate to AppScan 360° Static Analysis, refer to Static analysis (SAST).
Web application certificate
- Provide your organization’s SSL certificate for the AppScan 360° website. The supported certificate formats are PFX or Certificate and Key pair (PEM).
- If not provided by the user, a web application certificate is created automatically, installed on the IIS server and bound to all ports that use HTTPS.
Examples
The following command performs a clean install, pre-sets the self-signed certificate's password to Pass1234 and initializes the database:
.\installer.ps1 -installdb -sslPass Pass1234
The following command reconfigures (updates/upgrades) ASCP, and looks for the config file in a non-default directory.
.\installer.ps1 -reconfigure -configPath C:\AppScan360.config