Working with SSL

Incredibuild secures all communication between the Coordinator user interface and the Coordinator. However, you can configure Incredibuild to use SSL to secure communication across all Incredibuild components.

When installing Incredibuild components (Coordinator or Agents), you select your certificate in the installation wizard or during silent installation. If you are using Cloud machines, you upload your certificate in the Cloud Settings. Additionally, a few settings are required in the Coordinator to enable SSL.

Note: You cannot add the certificates after installing Incredibuild on your components. This must be done during the installation process.

Enabling SSL

To enable SSL, check the Encrypted communications box in the Coordinator Settings > General > Network area.

Specify a secured port to manage communication between the Coordinator and Agents.

Enter a regular expression to validate your agent names. For details, see the following section.

Certificate Verification

Incredibuild validates the SSL certificate whenever communication is initiated between Incredibuild machines. When verifying a Coordinator, we validate the common name (CN), CA, and expiration date, and verify that the certificate is not revoked.

When verifying an Agent, we validate the CA, expiration date, and verify that the certificate is not revoked. Validating the common name (CN) is a bit more complicated as many of our users have thousands of agents that are sometimes dynamically created. This makes maintaining unique certificates more of a challenge. Therefore, we have two options: 

  1. Do not validate the common name at all when using SSL. This is slightly less secure, but the certificates are still validated based on CA, expiration date, and revocation lists.

  2. Validate the common name using a regular expression instead of an exact match. For example, if all of your machine names are of the form "Agent123" where 123 is a dynamic number, you can use a regular expression to define that pattern. Then any Agent whose name matches the regular expression will be verified during the certificate validation process.

If you do not enter a regular expression, we do not reject a certificate based on its common name.

Regular expressions can be entered in the Coordinator Settings > General tab > Network > Agent certificate validation field. They must be less than 999 characters.
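
As an added example (not Incredibuild code), the following Python script checks a candidate pattern before you enter it in the Agent certificate validation field, using the "Agent123" naming scheme described above. It assumes Python's re syntax is close to the product's regular expression dialect, which this page does not specify; the sample names are constructed, and because the page does not say whether the whole common name must match, a partial match is treated as acceptance.

```python
import re

# Constructed sample common names (not taken from any real deployment).
EXPECTED_AGENTS = ["Agent1", "Agent123", "Agent90210"]
MUST_REJECT = ["Agent", "agent123x", "Agent123.example.test", "NotAnAgent123"]


def check_pattern(pattern, accept=EXPECTED_AGENTS, reject=MUST_REJECT):
    """Return a list of problems found with a candidate CN pattern."""
    problems = []
    # The page states that patterns must be less than 999 characters.
    if len(pattern) >= 999:
        problems.append("pattern is 999 characters or longer")
    try:
        rx = re.compile(pattern)
    except re.error as exc:
        return problems + [f"pattern does not compile: {exc}"]
    for cn in accept:
        # A legitimate agent name must match in full, so it passes whether
        # the product matches the whole CN or only searches within it.
        if not rx.fullmatch(cn):
            problems.append(f"legitimate CN rejected: {cn!r}")
    for cn in reject:
        # Assumption: matching may be a substring search, so any hit inside
        # an unwanted name counts as that name being accepted.
        if rx.search(cn):
            problems.append(f"unexpected CN accepted: {cn!r}")
    return problems


if __name__ == "__main__":
    # Unanchored pattern beside the anchored form of the same scheme.
    for candidate in (r"Agent[0-9]+", r"^Agent[0-9]+$"):
        issues = check_pattern(candidate)
        print(candidate, "->", "OK" if not issues else issues)
```

Anchoring the pattern with ^ and $ keeps names that merely contain a valid agent name from passing if the match is not applied to the whole common name.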

Limitation

Backup Coordinators will not work in an environment that has SSL enabled.