Configuring the root server to use a trusted certificate for console and REST connections

If you have a trusted security certificate and key from a certificate authority, you can configure the BigFix root server to use this certificate and key to enable trusted connections. After you have completed the configuration, connections from the REST API and console use this trusted certificate.

About this task

This procedure describes how you can configure the BigFix root server on Linux systems to use a certificate to enable trusted connections through the REST API and BigFix console.

Procedure

  1. Concatenate the trusted certificate and key into a single file, for example em.pem, using a command similar to the following for Linux: cat certfile keyfile > em.pem
  2. Save the file in a protected area of the file system, where it can be accessed by the BigFix besserver process, for example, /etc/opt/BESServer/em.pem
  3. Edit the /var/opt/BESServer/besserver.config file, adding the following two entries, and using /etc/opt/BESServer/em.pem as an example:
    [Software\BigFix\EnterpriseClient\Settings\Client\_BESRelay_HTTPServer_SSLCertificateFilePath]
    value = /etc/opt/BESServer/em.pem
    [Software\BigFix\EnterpriseClient\Settings\Client\_BESRelay_HTTPServer_UseSSLFlag]
    value = 1
  4. Stop and restart the BigFix root server.