Configure an Engine to Use Custom Certificates - Replace the self-signed certificate for an engine with a valid CA certificate for communication tasks. - Administrator Guide - 6.12 - Cortex XSOAR - Cortex

Configure an Engine to Use Custom Certificates - Replace the self-signed certificate for an engine with a valid CA certificate for communication tasks. - Administrator Guide - 6.12 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product

Cortex XSOAR

Version

6.12

Creation date

2023-04-30

Last date published

2025-10-27

Category

Administrator Guide

Abstract

Replace the self-signed certificate for an engine with a valid CA certificate for communication tasks.

For communication tasks that go through an engine, you can replace the default self-signed certificate for the engine with your own certificate.

Find the two files created by the engine. The default location is /usr/local/demisto.
d1.key.pem
d1.cert.pem
Replace the contents of these files with your own certificates.
Change file owner to demisto:
chown -R demisto:demisto d1.key.pem
chown -R demisto:demisto d1.cert.pem
Set the file permissions:
chmod 600 d1.key.pem
chmod 644 d1.cert.pem
(Optional) If you are using a key passphrase for your custom certificate, add the passphrase to your engine configuration:
1. Go to Settings → Engines.
2. Create New Engine and provide an engine name or select an existing engine and Edit Configuration.
3. Select Use a passphrase for the engine certificate private key.
4. Click Save.