On Linux Systems
You can enforce SHA-384 after you install BigFix V11 or upgrade it to V11, by running the following command as super user:
./BESAdmin.sh -securitysettings -sitePvkLocation=<path+license.pvk>
-sitePvkPassword=mypassw0rd -requireSHA384Signatures
Note: The notation <path+license.pvk> used in the command syntax stands for path_to_license_file/license.pvk.
The full syntax of the ./BESAdmin.sh -securitysettings command is the following:
./BESAdmin.sh -securitysettings -sitePvkLocation=<path+license.pvk>
[-sitePvkPassword=<password>]
{ -status | {-requireSHA384Signatures | -allowSHA256Signatures}
| {-requireSHA256Downloads | -allowSHA1Downloads} | {-requireTLS13 | -allowTLS12} }
where:
- status
- Shows the status of the security settings in your BigFix environment.
Example:
./BESAdmin.sh -securitysettings -sitePvkLocation=/root/backup/license.pvk -sitePvkPassword=mypassw0rd -status
SHA-384 signatures are currently OPTIONAL
SHA-256 downloads are currently OPTIONAL
TLS 1.3 is currently OPTIONAL
Masthead TLS cipher list: (TLS cipher list not set)
The visibility status of the From field is currently set to: hide.
The local operators are currently enabled.
- requireSHA384Signatures | allowSHA256Signatures
- Enables or disables the security option that adopts the SHA-384 cryptographic digest algorithm for all digital signatures.
- requireSHA256Downloads | allowSHA1Downloads
- Sets the digest algorithm (SHA-256 or SHA-1) used to verify that data has not changed after you download it.
- requireTLS13 | allowTLS12
- With this option, you can require the use of TLS 1.3 for all HTTPS communication.
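The following audit check is an added example, not part of the BigFix product or its documentation: it reads the -status output shown above and reports every setting still listed as OPTIONAL. The function names and the SAMPLE_STATUS variable are hypothetical, and the sample text is copied from the status example on this page.

```shell
#!/bin/sh
# Added example (not BigFix code): audit BESAdmin.sh -securitysettings -status output.

# Print the name of every setting that the status text reports as OPTIONAL.
unenforced_settings() {
    sed -n -E 's/^[[:space:]]*(.*) (is|are) currently OPTIONAL[[:space:]]*$/\1/p'
}

# Read status text on stdin.
# Returns 0 if nothing is OPTIONAL, 1 if any setting is OPTIONAL,
# 2 if the text does not look like status output at all.
audit_status() {
    status_text=$(cat)
    # Fail closed: empty or unrecognised output must never count as a pass.
    if ! printf '%s\n' "$status_text" | grep -q 'SHA-384 signatures are currently'; then
        echo "UNKNOWN: no security-settings status found" >&2
        return 2
    fi
    findings=$(printf '%s\n' "$status_text" | unenforced_settings)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | sed 's/^/NOT ENFORCED: /'
        return 1
    fi
    echo "OK: signatures, downloads and TLS settings are all enforced"
    return 0
}

# Sample input: the status output from the example on this page.
SAMPLE_STATUS='SHA-384 signatures are currently OPTIONAL
SHA-256 downloads are currently OPTIONAL
TLS 1.3 is currently OPTIONAL
Masthead TLS cipher list: (TLS cipher list not set)
The visibility status of the From field is currently set to: hide.
The local operators are currently enabled.'

# Demo run on the sample; "|| true" keeps the script exit code clean.
printf '%s\n' "$SAMPLE_STATUS" | audit_status || true

# On a real server, pipe the command from this page into the check:
# ./BESAdmin.sh -securitysettings -sitePvkLocation=<path+license.pvk> -status | audit_status
```

The non-zero return codes let a scheduled compliance job fail when a server has not yet been moved to SHA-384 signatures, SHA-256 downloads, or TLS 1.3.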