Configuring HTTPS manually on Windows systems
When you have an SSL certificate (a .pem
file),
place it on the computer running REST API (usually the server) and
follow these steps:
- Run regedit and locate
HKEY_LOCAL_MACHINE\Software\BigFix\EnterpriseClient\Settings\Client
for x32 systems andHKEY_LOCAL_MACHINE\Software\Wow6432Node\BigFix\EnterpriseClient\Settings\Client
x64 systems.You need to add or modify subkeys for the HTTPS flag, for the location of the SSL certificate, for the HTTPS port number, and for the redirection to HTTPS.
- Create a subkey of Client called
_BESRelay_HTTPServer_UseSSLFlag
(it might already exist). - Create a string value (reg_sz) for the key
_BESRelay_HTTPServer_UseSSLFlag
called value and set it to 1 to enable HTTPS. - Create a subkey of Client called
_BESRelay_HTTPServer_SSLCertificateFilePath
(it might already exist). - Create a string value (reg_sz) for the key
_BESRelay_HTTPServer_SSLCertificateFilePath
called value and set it to the full path name of the SSL certificate (cert.pem). - Create a subkey of Client called
_BESRelay_HTTPServer_PortNumber
(it might already exist). - Create a string value (reg_sz) for the key
_BESRelay_HTTPServer_PortNumber
called value and set it to the port number you want to use (typically 443). - Create a subkey of Client called
_BESRelay_HTTPRedirect_Enabled
(it might already exist). - Create a string value (reg_sz) for the key
_BESRelay_HTTPRedirect_Enabled
called value and set it to 1 to enable the browser redirection to HTTPS. - Create a subkey of Client called
_BESRelay_HTTPRedirect_PortNumber
(it might already exist). - Create a string value (reg_sz) for the key
_BESRelay_HTTPRedirect_PortNumber
called value and set it to the number of the port listening for HTTP connection and redirecting the client to HTTPS. - Restart the
besserver
service.