SSL and Encryption

Using SSL Certificates to Access the Coordinator User Interface

When installing Incredibuild components (Coordinator or Agents), we recommend that you add your own SSL certificate in the installation wizard or during silent installation. If you are using Cloud machines, you upload your certificate in the Cloud Settings.

Important: You cannot add the certificates after installation. For assistance, contact support@incredibuild.com.

If you do not upload your own certificates, Incredibuild uses a generic certificates to secure all communication between the Coordinator user interface and the Coordinator. However, this default certificate will cause Chrome to issue a warning every time you access the Coordinator user interface. While you can ignore this warning every time, we recommend using your own certificate to improve security.

Encrypting Communication Between the Coordinator and Agents

Whether or not you uploaded your own certificates, you can encrypt communication between Incredibuild's internal components. By default, communication between the Coordinator and Agents is not encrypted as these machines are often on the same environment. To encrypt communication between these components, check the Encrypted communication box in the Coordinator Settings > General > Network area and specify a secured port to manage the communication.

Limitation: Backup Coordinators will not work in an environment that has encrypted communication enabled.

You do not need to enter anything in the Agent certificate validation unless you want to enhance your certificate security. For details, keep reading.

Agent Certificate Validation

Incredibuild validates SSL certificates whenever communication is initiated between Incredibuild machines. When verifying the Agent certificate, we validate the CA, expiration date, and verify that the certificate is not revoked. There is also an advanced option to verify the common name (CN).

As many of our users have hundreds of agents that are sometimes dynamically created, instead of verifying each CN individually, Incredibuild verifies them using a single regular expression. For example, if all of your machine names are of the form "Agent123" where 123 is a dynamic number, you can use a regular expression to define that pattern. Then any Agent whose name matches the regular expression will be verified during the certificate validation process.

Regular expressions must be less than 999 characters.