Closed xakrurychle closed 1 year ago
@xakrurychle I guess the proxy server is using a certificate that is signed by an internal CA? In that case, you'd need to point fcli to a trust store containing the appropriate certificates, using the fcli config truststore set
command. Can you please confirm?
Hi @rsenden, so I've done following:
1) set cacerts as trustore. Previously I had set trustore for tomcat but that was probably wrong, so I used cacerts we use for client side
2) set proxy
3) ran command ./fcli tool sc-client install 23.1.0 -d ../fcli_scancentral/ -t <pass> --log-level TRACE
which returns with error
java.lang.RuntimeException: Entry with an illegal path: bin/
at com.fortify.cli.tool.common.util.FileUtils.extractZip(FileUtils.java:77)
at com.fortify.cli.tool.common.cli.cmd.AbstractToolInstallCommand.install(AbstractToolInstallCommand.java:122)
at com.fortify.cli.tool.common.cli.cmd.AbstractToolInstallCommand.downloadAndInstall(AbstractToolInstallCommand.java:93)
at com.fortify.cli.tool.common.cli.cmd.AbstractToolInstallCommand.getJsonNode(AbstractToolInstallCommand.java:72)
at com.fortify.cli.common.output.cli.cmd.AbstractOutputCommand.run(AbstractOutputCommand.java:33)
at picocli.CommandLine.executeUserObject(CommandLine.java:2104)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2539)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2531)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2493)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2351)
at picocli.CommandLine$RunLast.execute(CommandLine.java:2495)
at picocli.CommandLine.execute(CommandLine.java:2248)
at com.fortify.cli.app.FortifyCLI.execute(FortifyCLI.java:74)
at com.fortify.cli.app.FortifyCLI.main(FortifyCLI.java:56)
@xakrurychle Thanks for the feedback. Can you please try without the -d
option, and/or pass an absolute path to the -d
option? I think the relative path may be causing this issue.
@xakrurychle Thanks for the feedback. Can you please try without the
-d
option, and/or pass an absolute path to the-d
option? I think the relative path may be causing this issue.
Hi, yes it turned out to be the relative path issue. With /home/destination/ the command finished succesfully
./fcli tool sc-client install 23.1.0 -d /home/<destination>/ -t <pass> --log-level TRACE
Name Version Default Installed Install dir Bin dir Action
sc-client 23.1.0 Yes Yes /home<destination>/ /home/<destination>/bin INSTALLED
For some reason I am not able to install sca client or vuln-exporter.
case1) without proxy - time out This one I quite understand as I am behind our company's proxy.
case2) with proxy - PKI cert error This case I don't understand. As for a final user there seems to be no need to provide any GitHub keys or anything. Wherever the download file comes from I assume is handled internally. Do I need to set something within FCLI that I missed?