Configuring HTTPS manually on Windows systems

When you have an SSL certificate (a .pem file), place it on the computer running REST API (usually the server) and follow these steps:

  1. Run regedit and locate HKEY_LOCAL_MACHINE\Software\BigFix\EnterpriseClient\Settings\Client for x32 systems and HKEY_LOCAL_MACHINE\Software\Wow6432Node\BigFix\EnterpriseClient\Settings\Client x64 systems.

    You need to add or modify subkeys for the HTTPS flag, for the location of the SSL certificate, for the HTTPS port number, and for the redirection to HTTPS.

  2. Create a subkey of Client called _BESRelay_HTTPServer_UseSSLFlag (it might already exist).
  3. Create a string value (reg_sz) for the key _BESRelay_HTTPServer_UseSSLFlag called value and set it to 1 to enable HTTPS.
  4. Create a subkey of Client called _BESRelay_HTTPServer_SSLCertificateFilePath (it might already exist).
  5. Create a string value (reg_sz) for the key _BESRelay_HTTPServer_SSLCertificateFilePath called value and set it to the full path name of the SSL certificate (cert.pem).
  6. Create a subkey of Client called _BESRelay_HTTPServer_PortNumber (it might already exist).
  7. Create a string value (reg_sz) for the key _BESRelay_HTTPServer_PortNumber called value and set it to the port number you want to use (typically 443).
  8. Create a subkey of Client called _BESRelay_HTTPRedirect_Enabled (it might already exist).
  9. Create a string value (reg_sz) for the key _BESRelay_HTTPRedirect_Enabled called value and set it to 1 to enable the browser redirection to HTTPS.
  10. Create a subkey of Client called _BESRelay_HTTPRedirect_PortNumber (it might already exist).
  11. Create a string value (reg_sz) for the key _BESRelay_HTTPRedirect_PortNumber called value and set it to the number of the port listening for HTTP connection and redirecting the client to HTTPS.
  12. Restart the besserver service.