Step 3: Enabling secure communication

You can enable encrypted communication (HTTPS) to ensure secure communication between your server and all users that access it. You can base your communication on self-signed certificates that are provided by default in BigFix Inventory, but these certificates are not intended for production environments. To improve security, create your own private key and certificate, and upload them to BigFix Inventory.

Before you begin

  • The use of HTTPS is enabled by default, but this configuration is based on temporary self-signed certificates that are not intended for production environments.
  • Enabling or disabling the use of HTTPS changes the web address of your BigFix Inventory server. Ensure that you run a data import afterward to update the address in the Fixlets that use it to download files from the server.

Procedure

  1. Log in to BigFix Inventory.
  2. In the top navigation bar, click Management > Server Settings.
  3. Select Use HTTPS. The Certificate subsection opens.
  4. Optional: Select Use TLSv1.2.
    Important:
    • Enabling TLS 1.2 disables TLS 1.0.
    • To use TLS 1.2, ensure that your browser supports TLS 1.2, and that it is enabled.
    • To fulfill all the requirements for SP800-131 compliance, see: Enabling SP800-131 compliance.
  5. Provide information about the certificate.
    • If you have a private key and a certificate:
      1. Select Import a PEM encoded private key and certificate.
      2. Click Browse to locate the files in the computer file system.
      3. In the Private key password field, enter the password for the key. This field is required only if you set a password for your private key.
      4. Click Save.
      Note: The certificate and the key must be PEM-encoded.
    • If you want to generate a new self-signed certificate:
      Restriction: A self-signed certificate contains a public key, information about the owner of the certificate, and the owner's signature. Because such a certificate is signed by its own private key, it provides no way to verify the origin of the certificate through a trusted certificate authority.
      1. Select Generate a self-signed certificate.
      2. Specify the certificate subject common name. The common name must correspond to the DNS name of the BigFix Inventory server.
      3. In the Expiration Date field, enter the date when the certificate expires.
      4. Click Save.
      Note: Most browsers display a warning message when a self-signed certificate is used.
  6. Restart the server.

Results

You enabled secure communication on your server. All outgoing communication is now encrypted with the private key that you provided.
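
The import option in step 5 accepts only PEM-encoded files and asks for a password only when the key is encrypted. The following added example (not part of BigFix Inventory; `inspect_pem` is a hypothetical helper name) checks a file's structure before you browse to it: whether it is PEM or binary DER, how many certificate and key blocks it holds, and whether the Private key password field is needed. It checks encoding only and does not verify that the key matches the certificate.

```python
import base64
import re

# One PEM block (RFC 7468): matching BEGIN/END labels around base64 text.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}


def inspect_pem(data: bytes) -> dict:
    """Classify a file before it is selected in the import dialog."""
    report = {"certificates": 0, "keys": 0, "needs_password": False, "problems": []}
    try:
        text = data.decode("ascii").replace("\r\n", "\n")
    except UnicodeDecodeError:
        kind = "DER" if data[:1] == b"\x30" else "unknown binary"
        report["problems"].append(f"not PEM text ({kind}); convert it to PEM first")
        return report
    for label, body in PEM_BLOCK.findall(text):
        # Legacy OpenSSL encrypted keys put RFC 1421 headers before a blank line.
        headers, _, payload = body.rpartition("\n\n")
        legacy_enc = "Proc-Type: 4,ENCRYPTED" in headers
        try:
            der = base64.b64decode("".join(payload.split()), validate=True)
        except ValueError:
            report["problems"].append(f"{label}: body is not valid base64")
            continue
        # Everything except a legacy-encrypted body must be an ASN.1 SEQUENCE (0x30).
        if not legacy_enc and not der.startswith(b"\x30"):
            report["problems"].append(f"{label}: payload is not DER")
            continue
        if label == "CERTIFICATE":
            report["certificates"] += 1
        elif label in KEY_LABELS:
            report["keys"] += 1
            report["needs_password"] |= legacy_enc or label == "ENCRYPTED PRIVATE KEY"
    if not (report["certificates"] or report["keys"] or report["problems"]):
        report["problems"].append("no certificate or private key block found")
    return report


if __name__ == "__main__":
    # Constructed sample: a placeholder payload, not a real key.
    fake = base64.b64encode(b"\x30\x82\x01\x00" + bytes(256)).decode()
    sample = f"-----BEGIN ENCRYPTED PRIVATE KEY-----\n{fake}\n-----END ENCRYPTED PRIVATE KEY-----\n"
    print(inspect_pem(sample.encode()))
```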