How to Avoid Issues in Situations Where You Have to Use an IP Address to Connect to Your CI Fuzz Server
When This Is Needed
- You want a proof of concept that involves CI/CD integration, but you can't modify your DNS for some reason.
- You have a cloud CI/CD platform, and you can't or don't want to assign a domain to CI Fuzz.
You need to add the IP address of CI Fuzz to the Subject Alternative Names section of its certificate. Some certificate authorities allow that (Let's Encrypt does not), or you can sign the certificate yourself.
Here is an example of how to create a self-signed certificate for a CI Fuzz server that will be accessed both using a host name and an IP address:
openssl req -x509 -newkey rsa:4096 -keyout cifuzzkey.pem -out cifuzzcert.pem -days 1000 -subj '/CN=cifuzz.yourcompany.com' -addext "subjectAltName = DNS:cifuzz.yourcompany.com,IP:220.127.116.11" -nodes
Replace yourcompany.com and the IP address in the subjectAltName entry with the hostname and IP address you will be using to connect to the CI Fuzz server.
Warning! It is important that both are listed in the subjectAltName field. This is because a Go library used by CI Fuzz does not take the Common Name into account when verifying the certificate if the Alternative Names section exists.
Ensure that your CI/CD platform can connect to CI Fuzz
If you have CI Fuzz in your private network and your CI/CD platform in the cloud, you need to whitelist the CI/CD platform's IP addresses on your firewall and set up port forwarding.
These IP addresses can be found in your platform's documentation. Here is an example for Travis CI.
Add your certificate to your CI/CD platform
This is explained at the end of the Continuous Fuzzing Setup tutorial.