Encryption
The fifth tab opens the Encryption dialog. Use this dialog if you want that the Client encrypts reports to be sent to the server.
This is useful if the reports contain confidential information. You can use this tab to generate a new encryption key or to disable encryption altogether.
If you click Generate Key, the server creates a public key and a private key. The private key is stored in the database on the server. The public key is stored in the master actionsite. As soon as the clients receive the master actionsite, they start to encrypt the reports with the public key. On the server, the reports are decrypted using the private key.
If you configured your environment so that the top level relays
are in a secure location with the server, you can delegate the responsibility
to decrypt reports to the relays to reduce the workload on the server.
This is the list of steps to run if you want to set this configuration:
- In the Encryption tab, generate the key pair, private and public, on the server.
- Manually copy the private key on the relays to delegate for decryption.
- In the Security tab, click Enable Enhanced Encryption. After you click that button, the master actionsite is sent across the BigFix network and the clients start to encrypt reports with the public key.
- When a relay that has the private key, receives the encrypted reports, it decrypt them and forward the reports in clear text to the server.