Manual key exchange
If an agent does not have a certificate and can reach only an authenticating
relay, connected through the internet, you can manually run the following
command on the agent so that it performs the key exchange with that
authenticating relay:
BESClient -register <password> [http://<relay>:52311]
The client includes the password in its key exchange with the authenticating
relay, which verifies it before forwarding the key exchange to its parent.
You can configure the password as:
- A single password in the client setting _BESRelay_Comm_KeyExchangePassword on the relay.
- A newline-delimited list of one-time passwords stored in a file named KeyExchangePasswords in the relay storage directory (value StoragePath of HKLM\Software\WOW6432Node\BigFix\Enterprise Server\BESReports).
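One way to populate the one-time password file described above, as an added example that is not part of the product documentation. The password alphabet and length, the ASCII encoding, merging with existing entries and the file ACL are assumptions of this sketch; the registry key, value name and file name are the ones given on this page.

```powershell
# Added example: append fresh one-time passwords to KeyExchangePasswords.
# Run elevated on the relay. Count and Length are hypothetical parameters.
param([int]$Count = 10, [int]$Length = 24)

# Relay storage directory, read from the registry value named on this page.
$key     = 'HKLM:\Software\WOW6432Node\BigFix\Enterprise Server\BESReports'
$storage = (Get-ItemProperty -Path $key -Name StoragePath).StoragePath
$file    = Join-Path $storage 'KeyExchangePasswords'

# Assumption: alphanumeric only, so an entry can never contain a newline
# (the file is newline-delimited) and needs no quoting on the agent side.
$alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'
$limit    = 256 - (256 % $alphabet.Length)   # reject bytes that would bias the pick
$rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$buf      = New-Object byte[] 1

function New-OneTimePassword {
    $chars = for ($i = 0; $i -lt $Length; $i++) {
        do { $rng.GetBytes($buf) } while ($buf[0] -ge $limit)
        $alphabet[$buf[0] % $alphabet.Length]
    }
    -join $chars
}

$new = 1..$Count | ForEach-Object { New-OneTimePassword }

# Keep entries already in the file so passwords handed out earlier stay valid.
$old = if (Test-Path -LiteralPath $file) {
    Get-Content -LiteralPath $file | Where-Object { $_ }
} else { @() }
Set-Content -LiteralPath $file -Value (@($old) + @($new)) -Encoding ASCII

# Assumption: the relay service runs as SYSTEM. Drop inherited ACEs and allow
# only SYSTEM (S-1-5-18) and local Administrators (S-1-5-32-544).
icacls $file /inheritance:r /grant:r '*S-1-5-18:(F)' '*S-1-5-32-544:(F)' | Out-Null

# Emit only the new passwords, for distribution to the agents being registered.
$new
```

Each emitted value is used once as the `<password>` argument of the `BESClient -register` command shown above.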