This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
aranisiva
Cadet 1st Class Cadet 1st Class
Cadet 1st Class
‎2017-01-27 02:56
6506 views

Issue while uploading FPR to SSC

I recently integrated Fortify SCA(On-premise) with VSTS and as part of ‘Run Fortify On’ task created in VSTS it uploads FPR file to SSC after scan. The upload FPR command was working file when my SSC portal is accessible through HTTP. Now I upgraded SSC portal to be accessible via HTTPS. But FPR upload is getting failed as shown below:

----------------------------------------------------------------------------------------------------------------------------

PS C:\> fortifyclient.bat uploadFPR -url https://ServerName:8443/ssc/ -user admin -f D

:\VSAgentWork\1\a\sca_artifacts\SCA_Build_1.fpr -application Web Application -applicationVersion

First Version

Enter Password:

The HPE Security Fortify SSC server could not be contacted.  Please check your network connection and try again.  If the

error persists, please contact your system administrator.

---------------------------------------------------------------------------------------------------------------------

SSC works fine when we access from browser. Need pointers to resolve this issue.

Tags (2)
0 Likes
Reply
Report Inappropriate Content
2 Replies
Stanislav S
Commander
Commander
‎2017-01-27 09:54

Hi Siva,

first of all, I would check the network connectivity from that host. Also try running the command with the -debug parameter.

Secondly, can you access the SSC server from Audit Workbench or the Developer Plugin on that host? Perhaps you need to import the SSL certificate from the SSC server to the keystore of Workbench?

0 Likes
Reply
Report Inappropriate Content
stephen.b.burri
Commander Commander
Commander
‎2017-01-27 15:34

The SSL certificate that the SSC site uses needs to be loaded into the Java KeyStore that Fortify SCA uses, at the location <Fortify SCA Install Location>/jre/lib/security/cacert

You can use the java keytool which is located in the /jre/bin/ folder

keytool -keystore <KeyStore File> -importcert -alias <aliasName> -file <cert file>

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.