HCL TECHNOLOGIES ABOUT US PRODUCTS & SOLUTIONS RESOURCES CONTACT US

Home
Configuration Guide
This guide is for administrators and IT managers who want to configure and customize IBM BigFix.
Additional configuration steps
These topics explain additional configuration steps that you can run in your environment.
Configuring HTTPS for REST API
Requesting a Certificate from a Certificate Authority

Requesting a Certificate from a Certificate Authority

To encrypt HTTPS REST API with a certificate that browsers implicitly trust, request a signed certificate from a trusted Certificate Authority (or CA) such as Verisign as follows:

Create a Certificate Signing Request (csr)
Forward the .csr file to a Certificate Authority (CA). They will issue you a signed (browser-trusted) certificate for your server. Request the certificate be issued in PKCS12 format.
Important: If you want to specify both the certificate and the private key files in the REST API HTTPS configuration, skip the following steps and see REST API HTTPS Settings.
After you have received the PKCS12 formatted file, DO NOT import it to any Microsoft default certificate handling facilities.
Via openssl, perform the following on each PKCS12 formatted file to export to a password stripped PEM file format:
```
openssl pkcs12 -in PKCS12.p12 -out PEM_CERT_FILE_NAME.pem -nodes -clcerts
```
This exports the PKCS12 file to a PEM formatted file with both the public key and private certificate without any passwords.
Open the PEM certificate file with WordPad.

Leave only the public key and private certificate, keeping the BEGIN and END block stanza headers. This is an example:

-----BEGIN CERTIFICATE-----
MIICYjCCAcugAwIBAgIJANiRLK2nbg9oMA0GCSqGSIb3DQEBBQUAMEoxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQHDApFbWVyeXZpbGxl
MREwDwYDVQQDDAhIRUlNREFMTDAeFw0xMjAzMTUwMjA5MzdaFw0xMzAzMTUwMjA5
MzdaMEoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQH
DApFbWVyeXZpbGxlMREwDwYDVQQDDAhIRUlNREFMTDCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEA5h5aCcN5Up5rNYn7a88dKAehe7CbKDtPF6jdrn52yShJc97f
mceJeIsnkVmBVRoIBevxFnNIKxMzzR52c0NKK2gU0ax2k6TWD8yVOHHFepBgcCyF
JD9y9g5u444+7S5vsXRpmAx7z3HYHHh9Jjiv7zLoN46Mu+7KpnZnJgFX0QcCAwEA
AaNQME4wHQYDVR0OBBYEFHJXtkgif6mZzQBcrp7U7yptf/WzMB8GA1UdIwQYMBaA
FHJXtkgif6mZzQBcrp7U7yptf/WzMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
BQADgYEARkkc8GmyFtuXsWmjvkUJvRkGJYiQ7LsO5Qg67ONcMr/beJDXsOR3w3lD
cDqCglnQuswNySrcAGDPctDJwE2cZbcvpVdNlUd1UdXnbzHAjg/buh6Uy5OYYc0y
NtbcKlPpgxvBp6cGua7K01bMeb379vXLNr1EcQG9KmlkHYqqJpU=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOYeWgnDeVKeazWJ
+2vPHSgHoXuwmyg7Txeo3a5+dskoSXPe35nHiXiLJ5FZgVUaCAXr8RZzSCsTM80e
dnNDSitoFNGsdpOk1g/MlThxxXqQYHAshSQ/cvYObuOOPu0ub7F0aZgMe89x2Bx4
fSY4r+8y6DeOjLvuyqZ2ZyYBV9EHAgMBAAECgYEAh2Jh/I6JaUcUsgn85l+SusNK
iTfNAO1ryfKqgYeboRtXo5kDGjkfstDDtargAU5wW/OFAn1OfzEr78i1TXjQP/2h
1ntvOobYeEsRFBlVdoC361GHKoSWMMbrymx75XIRmdW3cIHOSlpHfr2RA9WZfA2R
tn8gtITQNKed0uFyBskCQQD6IeYaxWegfoJwpcAmlTlYfyKXdSL9/DGsG+uhAIhU
pUWPwsH/uHR8/61wQ9coH1NEy2bVRT0qha1s9CvHA0OFAkEA64RD4t5oQcA+Q/2o
TtfYD3MB0NQJVL2KwJaW9hr4+osMQWJSSXTQuymMcd3tLJaS3eg0DVIsg0pO0GYx
bVKKGwJANF9IqK5QhkA225M46lswSKFGAuRZ0UgutlSaP3m3EdIRAIrMx9g9O7bk
/66UrCfy7WKRQ3Jd3jtjFn8Bc4fxaQJBALCVoRjPTThPXeA4piNHbvZWcrwS31Qs
MYao4lNwcdHYw72abLwq2/4Y7vbJQPU3iLLdUXnTbRCbfHCAzvp68pUCQQDX7iVR
Wjd9qVlgtR/6wxAQjSHSmlCyTfHA0ncVNzjEjZzA3FiCNq+gHFkBc6Kr4FxfNWCm
aoyVGYxl1LT+VHJA
-----END PRIVATE KEY-----

Save the modified PEM file containing only the public certificate and private key.
Store this file on your BigFix server and refer to it when setting up your REST API.