Replace the self-signed certificate for an engine with a valid CA certificate for communication tasks.
For communication tasks that go through an engine, you can replace the default self-signed certificate for the engine with your own certificate.
Find the two files created by the engine. The default location is
/usr/local/demisto
.d1.key.pem
d1.cert.pem
Replace the contents of these files with your own certificates.
Change file owner to demisto:
chown -R demisto:demisto d1.key.pem
chown -R demisto:demisto d1.cert.pem
Set the file permissions:
chmod 600 d1.key.pem
chmod 644 d1.cert.pem
(Optional) If you are using a key passphrase for your custom certificate, add the passphrase to your engine configuration:
Go to
→ .Create New Engine and provide an engine name or select an existing engine and Edit Configuration.
Select Use a passphrase for the engine certificate private key.
Click Save.