BigFix PlugIn and MDM SSL certificates and keys

SSL certificates and keys are required to authenticate the BigFix MDM PlugIn(s) to the MDM Server.

These certificates and keys must be generated through the BESAdmin command. The generated SSL certificates/keys are stored in the directory that you specify in the BESAdmin command.
Note: You must have a reachable DNS host name to run the commands in the BESAdmin tool to generate certificates.
To generate SSL certificates on a Windows BigFix root server, run this command:
BESAdmin.exe /generateplugincertificates /certificatespath:<path-to-store-certs> [/commonname:<CN-for-server-and-client-cert>]
To generate SSL certificates on a Linux BigFix root server, run this command: -generateplugincertificates -certificatespath=<path-to-store-certs> [-commonname:<CN-for-server-and-client-cert>
  • For commonname, use the FQDN name of the MDM Server.
  • These commands work only if path-to-store-certs directory exists.

The following SSL certificates are generated in the folder that you created. You have to use these SSL certificates and keys when you install the MDM Plugin and MDM Server.
  • ca.cert.pem
  • client.cert.pem
  • client.key
  • server.cert
  • server.key
BigFix MDM server TLS certificate and key
The BigFix MDM server requires a CA-signed TLS certificate to protect the communications from the endpoint to the BigFix MDM server. The SSL certificate is deployed through the MDM Server installation in the WebUI.
BigFix MDM server installation requires the following information:
  • MDM Server TLS certificate chain with a .crt or .pem extension
  • MDM Server TLS private key with a .key extension
  • MDM Server TLS private key password
Note: Depending on the trusted CA you use, if this information is in a format other than the required format, you need to work offline to get it in the required format before installing the MDM server.

See additional notes at BigFix MDM Server TLS Certificate Content.