If you have a trusted security certificate and key from
a certificate authority, you can configure the BigFix root server to use this certificate and key to enable trusted connections.
After you have completed the configuration, connections from the REST
API and console use this trusted certificate.
About this task
This procedure describes how you can configure the BigFix root server on Linux systems to use a certificate to enable trusted
connections through the REST API and BigFix console.
Procedure
- Concatenate the trusted certificate and key into a single
file, for example
em.pem, using a command similar
to the following for Linux: cat certfile keyfile > em.pem - Save the file in a protected area of the file system, where
it can be accessed by the BigFix
besserver process, for example, /etc/opt/BESServer/em.pem - Edit the /var/opt/BESServer/besserver.config file, adding the following two entries, and using /etc/opt/BESServer/em.pem as an example:
[Software\BigFix\EnterpriseClient\Settings\Client\_BESRelay_HTTPServer_SSLCertificateFilePath]
value = /etc/opt/BESServer/em.pem
[Software\BigFix\EnterpriseClient\Settings\Client\_BESRelay_HTTPServer_UseSSLFlag]
value = 1
- Stop and restart the BigFix root server.
