Manual key exchange

If an agent does not have a certificate and can only reach an authenticating relay on the network, connected through the internet, you can manually run the following command on the agent so it can perform the key exchange with an authenticating relay:

BESClient -register <password> [http://<relay>:52311] 

The client includes the password in its key exchange with the authenticating relay, which verifies it before forwarding the key exchange to its parent.

You can configure the password as:

• A single password in the client setting _BESRelay_Comm_KeyExchangePassword on the relay.
• A newline-delimited list of one-time passwords stored in a file named KeyExchangePasswords in the relay storage directory (value StoragePath of HKLM\Software\WOW6432Node\BigFix\Enterprise Server\BESReports).