Update TLS certificates

You can update the TLS certificate that was initially installed with the MDM Server. Additionally, you can easily rectify errors by replacing incorrect certificates, keys, and passwords uploaded during installation. To perform this action, use Fixlet 702: BigFix MDM Server - Stage External TrustedCA TLS Certificates.

About this task

To renew expired TLS certificates, or to replace TLS certificates that were uploaded incorrectly during a previous installation, complete the following steps.

Procedure

  1. In the BigFix Console, under the BESUEM site, open Fixlet 702: BigFix MDM Server - Stage External TrustedCA TLS Certificates.
  2. Provide the following information:
    • MDM Server TLS Key Password: Enter the password.
    • MDM Server TLS CERT content: Copy and paste the content of the latest mdmserver.crt certificate.
    • MDM Server TLS KEY content: Copy and paste the content of mdmserver.key.pem.
  3. Select an option to deploy the certificate.
    • Deploy: Applies the new certificate immediately; this requires an immediate restart of the MDM server.
    • Stage: Creates the updated configuration but does not apply it or restart the MDM server until Fixlet 701: BigFix MDM Server CA certificate is subsequently run for the targeted server (ideally scheduled during non-peak times to minimize service disruption).

Results

The TLS certificates are updated in /var/opt/BESUEM/certs and /var/opt/BESUEM/certs/server.
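
Because the Deploy option restarts the MDM server immediately, it is worth confirming that the certificate, key, and key password from step 2 belong together before pasting them into Fixlet 702. The following script is an added example, not part of the BigFix product or its documentation; the function name check_mdm_tls, the script name, and the MDM_KEY_PASS environment variable are assumptions, and it requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example: pre-flight check for the Fixlet 702 inputs.
# Export MDM_KEY_PASS (assumed variable name) with the key password, then run:
#   sh check_mdm_tls.sh mdmserver.crt mdmserver.key.pem
# The password is read from the environment so that it does not appear
# in the process argument list.

check_mdm_tls() {
    cert=$1
    key=$2

    # 1. The certificate must parse as a PEM X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null || {
        echo "FAIL: $cert is not a PEM X.509 certificate"; return 2; }

    # 2. The certificate must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: $cert has expired"; return 3; }

    # 3. The password must decrypt the private key.
    key_pub=$(openssl pkey -in "$key" -passin env:MDM_KEY_PASS -pubout 2>/dev/null) || {
        echo "FAIL: cannot read $key (wrong password or not a PEM key)"; return 4; }

    # 4. The key must be the one the certificate was issued for:
    #    compare the public key derived from each file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    [ "$key_pub" = "$cert_pub" ] || {
        echo "FAIL: $key does not match $cert"; return 5; }

    echo "OK: certificate, key and password are consistent"
    openssl x509 -in "$cert" -noout -subject -enddate
}

# Run the check only when called with the two file arguments.
if [ "$#" -eq 2 ]; then
    check_mdm_tls "$1" "$2"
fi
```

A non-zero exit status identifies which input to correct: 2 or 3 for the certificate, 4 for the key or its password, 5 for a certificate and key that do not belong together.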