Thanks… Setting _BESRelay_HTTPServer_UseSSLFlag = 0 does allow the BigFix client on the Master to check in, and HTTPS port 52311 switches back to to the BigFix self signed cert.
Mind you, the Entrust cert I have, has been in use for a year now. Upgrading to BigFix 10.0.7 did not have this issue, but 10.0.8 does. Putting back the setting and restarting services, recreates the issue I have.