On Windows Systems
You can enforce the SHA-384 for all digital signatures by performing the following steps:
- Run the Administration Tool by clicking Start > All Programs > BigFix > BigFix Administration Tool.
- Browse to the location of your site license (
license.pvk
) and click OK. - Select the Security tab. The following window is displayed:
You can now enforce the SHA-384 for all digital signatures.
If the SHA-384 option is greyed out, a warning at the bottom of the page will inform you about the issues.
When clicking the link in the warning, a pop up will be displayed with a list of conditions that must be satisfied in order to be able to enforce SHA-384.
If the Gather an updated license from HCL is not satisfied, click Gather license now so that your updated license is gathered from the HCL site and is distributed to the BigFix clients. This step ensures that you use the updated license authorizations if you specified an existing license file during the installation steps.
If the Run BESAdmin on the following replication servers is not satisfied, it means that one of these conditions regarding all the BigFix servers involved in a Disaster Server Architecture (DSA) is not satisfied:- They are at Version 11.
- They have the updated license.
If the Unsubscribe from sites which do not support SHA-384 is not satisfied, click the link to see the list of sites which do not support SHA-384. To solve the issue you need to unsubscribe these sites from the BigFix Console.
In this example, 2 sites must be unsubscribed.
If the Rotate WebUI certificates to enable SHA-384 is not satisifed, you need to regenerate all WebUI certificates created before upgrading to Version 11.
SHA-256 Downloads
To ensure that data has not changed after you download it using the SHA-256 algorithm, click Require. If you do not select this option, the integrity check of the downloaded files is run using the SHA-1 algorithm.