Troubleshooting

If a user has the proper project permissions, any errors that occur while running integration steps will display in the web interface. More information about integrating with third-party systems can be found by adding -d (debug) command-line arguments.

Trust a new TLS Certificate

Windows

Import a trusted CA certificate to the Windows Certificate Store by double-clicking it and following the Certificate Import Wizard.

Linux
  1. Obtain a remote self-signed server certificate using openssl:

    openssl s_client -connect [SD Elements or Issue Tracker URL]:443 <<<'' | openssl x509 -out /tmp/cacert.pem
  2. Manually add an SSL certificate into the system CA bundle by first determining your Linux distribution:

    1. As a user for Centos/RHEL with sudo permissions, where your certificate exists as /tmp/cacert.pem:

      sudo cp /tmp/cacert.pem /etc/pki/ca-trust/source/anchors/
      sudo update-ca-trust enable && sudo update-ca-trust extract
    2. As a user for Ubuntu with sudo permissions, where your certificate exists as /tmp/cacert.pem:

      sudo apt-get install ca-certificates
      sudo cp /tmp/cacert.pem /usr/local/share/ca-certificates
      sudo update-ca-certificates --fresh

Disable TLS certification validation for integrations

If you are unable to install a custom certificate for the integration tool or wish to temporarily disable it for testing, follow the steps below to disable the verification check.

Windows

This can be configured in the setup wizard by toggling the corresponding option for issue tracker, verification tool, or LDAP. It can still be modified post-installation via the config.txt file in the installation location. Inside the config.txt file, change the boolean value for the corresponding entry under the commands_params field from True to False.

Example config that disables all SSL validation certs:

[sdelements]
...
command_params={"issue_tracker_validate_cert":"False", "analysis_validate_cert":"False", "ldap_validate_cert":"False"}
Linux

You can modify RIA command to optionally include the argument --command_params to specify which validation check to disable or modify the config file similar to Windows.

Example command to disable SSL verification check for issue trackers:

sderic command_driver --sde_api_token=APIv2_CONNECTION_STRING --command_params='{"issue_tracker_validate_cert":"False"}'

Run a specific integration type for an Issue Tracker or scanner

Linux

The ## value is a database ID. This value is not shown on the Web UI, but you can find it in the project connection links:

sderic command_driver --filter_connections=alm-## --sde_api_token=APIv2_CONNECTION_STRING
  1. Navigate to the project for which you want integration with an Issue Tracker or scanner.

  2. Select the Integration tab to find a list of connections with a "Sync" button.

  3. Click the button to start syncing the Countermeasures over to an Issue Tracker (such as Jira or Rally).

  4. Examine the links of each connection. These links have a form similar to:

    https://your.server.com/bunits/general/demo-application/demo-project/integration/issue-tracker/335
  5. When you find the integration you want to run, examine its URL to ensure it is similar to the one above.

Connect through a proxy

The Remote Integration Console can normally detect when it should connect through a proxy server. In cases where it cannot, it is possible to manually configure it to do so.

Windows
  1. Open "integrate.bat" in the application directory. By default it is located at:

    C:\Users\YOUR-NAME\AppData\Local\Programs\SD Elements Remote Integration\integrate.bat
  2. Add the proxy’s server and port to the top of the file:

    SET https_proxy=http://someproxy.com:3128
Linux
  1. Before calling the "sderic" process, set the "https_proxy" environment variable to the proxy’s server and port:

    export https_proxy=http://someproxy.com:3128
Try HTTPS_PROXY if https_proxy does not give the desired behavior. If connecting over http to the server, replace https_proxy with http_proxy.

Bypass the proxy for certain hosts

When a proxy is configured, all connections flow through it. There are situations when the Remote Integration Agent needs to connect through a proxy to access SD Elements, but connect normally to an internal Issue Tracker server (internal.alm.server). In this case, set the no_proxy environment variable.

Windows
  1. Open "integrate.bat" in the application directory. By default, it is located here:

    C:\Users\YOUR-NAME\AppData\Local\Programs\SD Elements Remote Integration\integrate.bat
  2. Add the following line using your internal server name (FQDN or IP):

    SET no_proxy=internal.alm.server
Linux
  1. Before calling the "python sde.py" process, set the "no_proxy" environment variable and include your internal server name (FQDN or IP):

    export no_proxy=internal.alm.server
Try NO_PROXY if no_proxy does not give the desired behavior.
Add additional servers to the no_proxy setting by separating each FQDN or IP with a comma.

results matching ""

    No results matching ""