Strict Certificate Verification on Broker Connections

The Remote Control controller and target, instructed by the remote control server, uses strict certificate validation by default when connecting to a broker. This verification requires a trust store that contains the trusted certificate.

The target downloads and caches the trust store when registering, during the call home process with the server, during a remote control session or when configured using the BigFix Console Remote Control target configuration wizard. The controller downloads the trust store at the start of the remote control session.

The trust store must contain the Certificate Authority's root certificates when using a CA signed certificate, or the broker certificate when using self-signed certificate. In this case the certificate needs to be exported from the keystore and uploaded to the Remote Control.

The use of strict certificate validation is determined by the broker.trusted.certs.required property in the trc.properties file on the remote control server.
Set to Yes
Strict certificate validation is enabled. This is the default value.
Set to No
Strict certificate validation is disabled.
Note: Disabling strict verification is not recommended. When strict verification is disabled, the Remote Control controller and target will trust all valid certificates, whether they were generated by you or by a potentially malicious third party.