Configuring secure communication

BigFix automatically enables the Secure Socket Layer (SSL) protocol by using self-signed certificates to ensure secure communication between your Web Reports or Rest API server and all users that access it. If you don't want to use the provided private key and the self-signed certificate complete the following steps:

  1. Generate a private key and a certificate signing request (CSR) for a CA signed certificate. For additional information on the private key and certificate format see Private key and certificate format.

    The advantage of using an external CA is that root certificates of known public CAs are imported by default into modern web browsers.

    Important: You can use the private key and the certificate generated for BigFix Inventory also for Web Reports only if the private key is not password protected.
    For additional information on how to get these files see Creating private keys and certificates and Signing certificates.
  2. Copy the files to a folder of your choice on the Web Reports or Rest API server.
  3. Configure the Web Reports server or REST API server as described in Customizing HTTPS on Web Reports and Customizing HTTPS on REST API.
    Note: You can also configure Web Reports or Rest API to work with Hyper Text Transport Protocol Secure (HTTPS) manually without using the console. For additional information, see Configuring HTTPS manually on Windows systems and Configuring HTTPS manually on Linux systems for Web Reports, and Customizing HTTPS manually on Windows systems and Configuring HTTPS manually on Linux systems for Rest API.
  4. Depending on which component you are setting HTTPS, restart the corresponding service, BESWebReports for Web Reports and BES Server for Rest API:

    Web Reports

    • On Windows, open Services, select BESWebReports and on the Action menu, click Restart.
    • On Linux, run from the prompt: service beswebreports restart or /etc/init.d/beswebreports restart.

    Rest API

    • On Windows, open Services, select BESServer and on the Action menu, click Restart.
    • On Linux run from the prompt: service besserver restart or /etc/init.d/besserver restart.