Using strict verification with self-signed certificates

Strict verification can be used with self-signed certificates in BigFix® Remote Control. To do this, add each broker's certificate to the server trust store.

The BigFix® Remote Control controller and target, instructed by the remote control server, use strict certificate validation by default and require a trust store. Normally, a trust store contains the Certificate Authority's root certificates, but when using self-signed certificates, there is no CA.

When using strict certificate verification, the certificate needs to be exported from the keystore and uploaded to the BigFix® Remote Control server. The target downloads and caches the trust store when registering, during the call home process with the server, or during a remote control session. The controller downloads the trust store at the start of the remote control session.

The use of strict certificate validation is determined by the broker.trusted.certs.required property in the trc.properties file on the remote control server.
Set to Yes
Strict certificate validation is enabled. This is the default value.
Set to No
Strict certificate validation is disabled.
Note: Disabling strict verification is not recommended. When strict verification is disabled, the BigFix® Remote Control controller and target will trust all valid certificates, whether they were generated by you or by a potentially malicious third party.
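
The trust store check described above can be reproduced with OpenSSL. This is an added example, not BigFix® Remote Control code or tooling: the certificate names (broker1.example, broker2.example, rogue.example), the file names and the helper functions are constructed for illustration, and openssl verify stands in for the product's own validation. The rogue certificate is a well-formed self-signed certificate that was never added to the trust store, which is the case the note above warns about.

```shell
#!/bin/sh
# Added example: strict verification of self-signed certificates against a
# trust store. All names and paths are constructed; none are product paths.

# make_self_signed NAME DIR: write DIR/NAME.key and self-signed DIR/NAME.pem
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1" -keyout "$2/$1.key" -out "$2/$1.pem" 2>/dev/null
}

# strict_check CERT TRUSTSTORE: succeed only if CERT validates against an
# entry in TRUSTSTORE. With self-signed certificates there is no CA, so the
# certificate itself has to be present in the trust store.
strict_check() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# demo: build a trust store from two broker certificates, then check both
# brokers and a third-party self-signed certificate that was never added.
demo() {
    dir=$(mktemp -d) || return 1
    for name in broker1.example broker2.example rogue.example; do
        make_self_signed "$name" "$dir" || { rm -rf "$dir"; return 1; }
    done

    # Trust store = one PEM entry per broker, concatenated.
    cat "$dir/broker1.example.pem" "$dir/broker2.example.pem" \
        > "$dir/truststore.pem"

    result=""
    for name in broker1 broker2 rogue; do
        if strict_check "$dir/$name.example.pem" "$dir/truststore.pem"; then
            result="$result$name=trusted "
        else
            result="$result$name=rejected "
        fi
    done
    rm -rf "$dir"
    printf '%s\n' "${result% }"
}

demo
```

Leaving a broker's certificate out of truststore.pem makes that broker fail the same check, which is why every broker certificate has to be uploaded.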