How to avoid issues in situations where you have to use an IP address to connect to your CI Fuzz server
When this is needed
- You want a proof of concept that involves CICD integration, but you can't modify your DNS for some reason.
- You have a cloud CICD platform and you can't or don't want to assign a domain to CI Fuzz.
You need to add the IP address of CI Fuzz to the alternative names (subjectAltName) section of its certificate. Some certificate authorities allow that (Let's Encrypt does not), or you can sign the certificate yourself.
Here is an example of how to create a self-signed certificate for a CI Fuzz server that will be accessed using both a host name and an IP address:
openssl req -x509 -newkey rsa:4096 -keyout cifuzzkey.pem -out cifuzzcert.pem -days 1000 -subj '/CN=cifuzz.yourcompany.com' -addext "subjectAltName = DNS:cifuzz.yourcompany.com,IP:184.108.40.206" -nodes
Replace yourcompany.com and the example IP address in the command above with the hostname and IP address you will use to connect to the CI Fuzz server.
Warning! It is important that both are listed in the subjectAltName field. A Go library used by CI Fuzz does not take the Common Name into account when verifying the certificate if the Alternative Names section exists.
Ensure that your CICD platform can connect to CI Fuzz
If you have CI Fuzz in your private network and your CICD platform in the cloud, you need to whitelist the CICD platform's IP addresses on your firewall and set up port forwarding.
These IP addresses can be found in your platform's documentation. Here is an example for Travis CI.
Add your certificate to your CICD platform
This is explained at the end of the continuous fuzzing setup tutorial.