I am trying to add a trusted root certificate to Bigfix Inventory. My question is why isn’t the proceed the same as Web Reports? Why can’t I use the same certs I used for Web reports? It appears that there is a different process with a different set of commands. Then with the Self Service Portal the process is different again.
I would say this is because they use a different Web Server engine. At the end, you should be able to use the same Cert if the applications run in the same server.
Has anyone been able to add a certificate to Bigfix Inventory? There is no part of the instructions for creating a certificate that show where to add a third part certificate. Disregarding the third party certificate, I have tried following the instructions step-by-step and they are not working.
I think you are talking about two different things. The Server Certificate can be uploaded via the BF Inventory’s Management -> Server Settings page. This should be unique to each server.
The other one you are talking about is a Certificate Authority (CA). To get your personal CA loaded into BFI, all you have to do is import your CA into the cacerts Java file with the javakey tool. The cacerts file is located at “C:\Program Files\IBM\SCA\jre\lib\security\cacerts” for Windows.
If you don’t feel comfortable with the java keytool, send me a message and I’ll send you some guidelines. It would be a good idea to create a batch script to run this as when the version of Java updates, you’ll most likely have to do this again.
The instructions do not mention anything about the javakey tool. Here is the link to the instructions:
https://www.ibm.com/support/knowledgecenter/SSKLLW_9.5.0/com.ibm.bigfix.inventory.doc/Inventory/security/t_ssl_creating_certs.html. My issue is that there is something missing in the instructions.
I’m a bit confused as to what you are trying to do I guess.
Are you trying to create your own self-signed certificate for BFI or are you trying to import a certificate that was granted by your local CA? Or are you trying to import a local CA so the server has secure access to other resources?
The link/documentation you posted is about creating a self-signed certificate for BFI.