Administering BigFix Explorer
This section describes the configuration scenarios for the BigFix Explorer component.
HTTPS certificate configuration
At installation time, the BigFix Explorer is configured to use HTTPS by default, and it creates its own certificate. If you want to customize HTTPS on the BigFix Explorer, for more details see Customizing HTTPS on BigFix Explorer.
Revoking the authentication certificate
After the installation of the BigFix Explorer instance, you can revoke the certificate of a BigFix Explorer instance needed for authenticating to the BigFix Root Server, if you have any reason to doubt its validity.
When you revoke the certificate, BigFix Explorer is no longer authenticated for trusted communication, and the certificate of the BigFix Explorer can no longer be used to communicate with the BigFix Root Server.
To revoke a BigFix Explorer certificate, you can use the revokeexplorercredentials BigFix Administration Tool command. For Windows installation see revokeexplorercredentials, for Linux installation see revokeexplorercredentials.
To rotate a BigFix Explorer certificate, you can use the rotateexplorercredentials BigFix Administration Tool command. For Windows installation see rotateexplorercredentials, for Linux installation seerotateexplorercredentials.
Rotating the authentication certificates chain
After the installation of one or more BigFix Explorer instances, you can revoke their certificates needed for authenticating to the BigFix Root Server and rotate the certificate authority used by the BigFix Root Server to generate each authentication certificate, if you have any reason to doubt their validity.
To rotate the certificate authority of the authentication certificate of the BigFix Explorer and to rotate each of the existing certificates, you can use the rotateexplorercredentials BigFix Administration Tool command. For Windows installation see rotateexplorercredentials, for Linux installation see rotateexplorercredentials.
Setting a different port number
It is possible to set a different port for the BigFix Explorer using the
_BESExplorer_HTTPServer_PortNumber
setting.
The default port number used by BigFix Explorer is 9383.
From the Edit Computer Settings menu of the BigFix Console, you can set the value for this setting.
Default Value | 9383 |
Setting Type | Numeric |
Component Affected | Explorer |
Enabling and managing the logging
It is possible to enable the logging for the BigFix Explorer using the
_BESExplorer_Logging_EnableLogging
setting.
It is also possible to specify the log path to be used by the BigFix Explorer using the
_BESExplorer_Logging_LogPath
setting.
It is also possible to specify which log levels are enabled for the BigFix Explorer using
the _BESExplorer_Logging_EnabledLogs
setting.
From the Edit Computer Settings menu of the BigFix Console, you can set the values for these settings.
Default Value | 1 (Enabled) |
Setting Type | Boolean |
Value range | 0 (Disabled) - 1 (Enabled) |
Component Affected | Explorer |
Default Value |
|
Setting Type | String |
Component Affected | Explorer |
Default Value | Critical |
Setting Type | String |
Value range | Critical - Debug |
Component Affected | Explorer |
Setting the authentication session timeout
It is possible to set a dedicated authentication session timeout for the BigFix Explorer.
After this timeout expires, if no interaction occurs between the logged on user and BigFix
Explorer, the user will have to reauthenticate in HTTPS mode using BigFix Explorer. To
customize this timeout, use the _BESDataServer_ExplorerLoginTimeoutMinutes
setting on the BigFix Server.
The default value is 5 minutes.
From the Edit Computer Settings menu of the BigFix Console, you can set the value for this setting.
Default Value | 5 Minutes |
Value range | 0 - 4,294,967,295 |
Setting Type | Numeric (minutes) |
Component Affected | Server |