AppScan Central Platform

The AppScan Central Platform is the foundation of HCL AppScan 360°. It includes the browser-based user interface, APIs, and core server components. The AppScan Central Platform (ASCP) also requires the customer to provide an SQL Server DB and Active Directory (via LDAP).

Install options

Parameter	Use to...
`-installdb`	Create a new database or apply updates to an existing one.
`-reconfigure`	Re-read the configuration settings from the AppScan360.config file or install an update package.
`-sslpass`	Provide an SSL certificate password instead of providing it interactively during installation.

SSL setting

AppScan 360° supports either a self-signed certificate (created automatically during installation) or a user-provided certificate.

Root CA certificate

ASCP installation creates a self-signed root CA certificate which is used to create internal certification for secure communication between ASCP and AppScan 360° Static Analysis. It encrypts all communication between ASCP and the various engines connected to it.

The certifiate is installed in the “Root” certificate store of the local machine. After installation the root CA certificate and private key are saved in:

 <installation_folder>\Certs\

To see how to pass this certificate to AppScan 360° Static Analysis, refer to Static analysis (SAST)

Web application certificate

In addition to RootCA you need a web application certificate:

Provide your organization’s SSL certificate for the AppScan 360° website. The supported certificate formats are PFX or Certificate and Key pair (PEM).
If not provided by the user, a web application certificate is created automatically, installed on the IIS server and bound to all ports that use HTTPS.

The certificate is installed on AppScan 360° machine, in the “Personal” certificate store, and is used only for the AppScan 360° website.