Step 3: Enabling secure communication

You can enable encrypted communication (HTTPS) to ensure secure communication between your server and all users that access it. You can base your communication on self-signed certificates that are provided by default in BigFix Inventory, but these certificates are not intended for production environments. To improve security, create your own private key and certificate, and upload them to BigFix Inventory.

Before you begin

  • The use of HTTPS is enabled by default, but this configuration is based on temporary self-signed certificates that are not intended for production environments.
  • Enabling or disabling the use of HTTPS changes the web address of your BigFix Inventory server. Ensure that you run a data import afterward to update the address in the Fixlets that use it to download files from the server.


  1. Log in to BigFix Inventory.
  2. In the top navigation bar, click Management > Server Settings.
  3. Select Use HTTPS. The Certificate subsection opens.
    Important: Starting from application update , the use of HTTPS is selected by default.
  4. Provide information about the certificate.
    • If you have a private key and a certificate:
      Note: The certificate and the key must be PEM-encoded or enfolded in PKCS#12 KeyStore.
      1. Select Import a PEM or PKCS#12 private key and certificate.

        In application updates earlier than , select Import a PEM encoded private key and certificate.

      2. Click Browse to locate the file in the PEM or PKCS#12 format.
      3. If the private key and certificates are delivered in separated files, select Private key is in a separate file and locate the private key file.
      4. In the Private key password field, enter the password for the key. This field is required only if you set a password for your private key.
      5. Click Save.
      Note: The certificate and the key must be PEM-encoded.
    • If you want to generate a new self-signed certificate:
      Restriction: A self-signed certificate contains a public key, information about the owner of the certificate, and the owner's signature. Because such a certificate is signed by its own private key, it does not provide means to verify the origin of the certificate through a trusted certificate authority.
      1. Select Generate a self-signed certificate.
      2. Specify the certificate subject common name. The common name must correspond to the DNS name of BigFix Inventory.
      3. In the Expiration Date field, enter the date when the certificate expires.
      4. Click Save.
      Note: Most browsers display a warning message when a self-signed certificate is used.
  5. Restart the server.


You enabled secure communication on your server. All outgoing communication is now encrypted with the private key that you provided.