Certificate Authority signed certificates
You can use Certificate Authority (CA) signed certificates to address the authentication and verification required for ensuring secure connections between brokers and endpoints.
To use a Certificate Authority (CA) signed certificate you should
obtain the following items
- A certificate for each broker in your environment.
- The root certificate and any intermediate certificates for the CA.
Note: As different CA’s will operate in
different ways you should consult the CA’s documentation for instructions
on how to obtain these.
When you have obtained the relevant certificate files you should copy the certificate to the broker machine and configure the broker properties, for more details, see Broker configuration. The root certificate should be added to the BigFix® Remote Control server, see Adding a certificate to the truststore.
PEM files can be generated with the OpenSSL command line tool or
other third party tools. The OpenSSL command-line tool is not shipped
with BigFix® Remote
Control.
The PEM file needs to contain the following items, in the order listed
below.
- Broker's certificate
- Any intermediate certificates, if required
- Root certificate
- Broker's private key