Using strict verification with self signed certificates
Strict verification can be used with self-signed certificates in BigFix® Remote Controll. To do this you should add each broker's certificate to the server trust store.
The BigFix® Remote Control controller and target, instructed by the remote control server, uses strict certificate validation by default and requires a trust store. Normally, a trust store contains the Certificate Authority's root certificates but when using self-signed certificates, there is no CA.
When using strict certificate verification, the certificate needs to be exported from the keystore and uploaded to the BigFix® Remote Control. The target downloads and caches the trust store when registering, during the call home process with the server or during a remote control session. The controller downloads the trust store at the start of the remote control session.
- Set to Yes
- Strict certificate validation is enabled. This is the default value.
- Set to No
- Strict certificate validation is disabled. Note: Disabling strict verification is not recommended. When strict verification is disabled, the BigFix® Remote Control controller and target will trust all valid certificates, whether they were generated by you or by a potentially malicious third party.