On Linux Systems

You can set the security options after you install BigFix V9.5 or upgrade it to V9.5, by running the following command as super user:

./BESAdmin.sh -securitysettings -sitePvkLocation=<path+license.pvk> 
              -enableEnhancedSecurity -requireSHA256Downloads
Note: The notation <path+license.pvk> used in the command syntax stands for path_to_license_file/license.pvk.
The full syntax of the ./BESAdmin.sh -securitysettings is the following:
./BESAdmin.sh -securitysettings -sitePvkLocation=<path+license.pvk> 
   { -status | {-enableEnhancedSecurity|-disableEnhancedSecurity} 
   | {-requireSHA256Downloads|-allowSHA1Downloads} }
Shows the status of the security settings in your BigFix environment.
BESAdmin.sh -securitysettings -sitePvkLocation=/root/backup/license.pvk
-sitePvkPassword=mypassw0rd -status

Enhanced security is currently ENABLED
SHA-256 downloads are currently OPTIONAL
enableEnhancedSecurity | disableEnhancedSecurity
Enables or disables the enhanced security that adopts the SHA-256 cryptographic digest algorithm for all digital signatures as well as content verification and the TLS 1.2 protocol for communications among the BigFix components.
Warning: If you use this setting you break backward compatibility because BigFix version 9.0 or earlier components cannot communicate with BigFix version 9.5 server or relays.
Ensures that data has not changed after you download it using the SHA-256 algorithm.
Note: You can set requireSHA256Downloads only if you also set enableEnhancedSecurity.
Ensures that the file download integrity check is run using the SHA-1 algorithm.