Enforce an HTTPS logon

You can force logons from the server UI to use HTTPS by editing properties in the trc.properties file. In a new server installation, the following properties are all set to True by default.
enforce.secure.weblogon=
Modifiable field: enforce.secure.weblogon
Field Description: Make the default log on action from the web UI use HTTPS. This property requires secure.url to be set with the full host name.
Possible Values: True or False
Value Definition:
True: Logons from the BigFix® Remote Control Server UI use HTTPS. Logons that use HTTP through another tool or page are not prevented.

HTTPS is not shown in the URL, but the logon page with USERID/PASSWORD is posted as HTTPS. The secure.url parameter is used. If this property is set incorrectly, the logon does not succeed. This value is the default value.

False: Log on by using HTTP or HTTPS, whichever is entered in the browser URL.
enforce.secure.alllogon=
Modifiable field: enforce.secure.alllogon
Field Description: Force any logon action to use HTTPS and deny any logon that does not use HTTPS. This property requires secure.url to be set with the full host name.
Possible Values: True or False
Value Definition:
True: Any logon attempt that uses HTTP is rejected and redirected to the logon page. This value is the default value.
False: Log on by using HTTP or HTTPS, whichever is entered in the browser URL.
The difference between the parameters is as follows. Use the enforce.secure.weblogon parameter to ensure that the user ID and password are posted from the logon page over HTTPS, regardless of the URL. However, you can still log on by using HTTP, either through a custom page or another tool. Use enforce.secure.alllogon to prevent all logons that use HTTP. When enforce.secure.alllogon is set, the logon link rejects any connection that is not HTTPS.
Note: The secure.url property must be set with a proper host name, not localhost.
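The following audit check for these three properties is an added example, not part of the product documentation or the product's own code. It assumes trc.properties is a plain key=value file and that secure.url holds either a URL or a bare host name; the function names and both sample files are constructed for illustration.

```python
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}  # assumption: loopback IPs count as "localhost"

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def secure_url_host(value):
    """Host part of secure.url (assumed to be a URL or a bare host name)."""
    parsed = urlparse(value if "//" in value else "//" + value)
    return (parsed.hostname or "").lower()

def audit(text):
    """Return findings for the HTTPS logon settings; an empty list means OK."""
    props = parse_properties(text)
    findings = []
    web = props.get("enforce.secure.weblogon", "").lower() == "true"
    all_ = props.get("enforce.secure.alllogon", "").lower() == "true"
    host = secure_url_host(props.get("secure.url", ""))
    if not all_:
        findings.append("enforce.secure.alllogon is not True: HTTP logons are accepted"
                        + (" from custom pages or other tools" if web else ""))
    if not web:
        findings.append("enforce.secure.weblogon is not True: web UI logon may post over HTTP")
    # Both enforce.* properties depend on secure.url carrying a real host name.
    if (web or all_) and (not host or host in LOOPBACK):
        findings.append("secure.url needs the full host name, not localhost (found %r)" % host)
    return findings

# Constructed sample files, not taken from a real server.
WEAK = """enforce.secure.weblogon=True
enforce.secure.alllogon=False
secure.url=https://localhost/trc
"""
HARDENED = """enforce.secure.weblogon=True
enforce.secure.alllogon=True
secure.url=https://rc.example.com/trc
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "OK")
```

The weak sample yields two findings: HTTP logons remain possible outside the web UI, and secure.url points at localhost.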