BigFix Secure Paramaters Query

shabircse · October 6, 2023, 3:20pm

Hi All,

I am deploying an action with the secure parameters. While i am trying to deploy the action with the computer name , i am getting the following error.

“Bad Request: Cannot send the action with secure parameter: at least one of the targeted endpoints doesn’t have the computer certificate”. The body for this is as below:

<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
    <SourcedFixletAction>
        <SourceFixlet>
            <Sitename>Test</Sitename>
            <FixletID>274</FixletID>
            <Action>Action1</Action>
        </SourceFixlet>
        <Target>
            <ComputerName>bigfix-app01</ComputerName>
        </Target>
        <SecureParameter Name="DB_User">demo</SecureParameter>
        <SecureParameter Name="DB_Pwd">Demopass</SecureParameter>
    </SourcedFixletAction>
</BES>

While i use the same XML with the computer ID , this is working fine.

<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
<SourcedFixletAction>
    <SourceFixlet>
        <Sitename>Test</Sitename>
        <FixletID>274</FixletID>
        <Action>Action1</Action>
    </SourceFixlet>
    <Target>
        <ComputerID>12345</ComputerID>
    </Target>
    <SecureParameter Name="DB_User">demo</SecureParameter>
    <SecureParameter Name="DB_Pwd">Demopass</SecureParameter>
</SourcedFixletAction>
</BES>

My question is does secure parameters works on only computer ids?

trn · October 6, 2023, 3:25pm

Secure parameters do only work using computer ids

Secure parameters have to be explicitly targetted, and you can have multiple computers with the same name, which would make the targetting ambiguous.

orbiton · October 6, 2023, 4:45pm

I’ve checked the following documentation: https://developer.bigfix.com/rest-api/api/action.html

In the target section of the XML file, specify the “ComputerID” if you want the action to be sent to the client mailbox.

I can understand the reasoning for this restriction. If you send action by ComputerName it could result with multiple results - and be that missing the client mailboxing feature

fermt · October 12, 2023, 1:01pm

What others already said, secure parameters only work with mailbox actions, ie actions that get deployed to specific systems. In the console it doesn’t look like that because you can pick the systems by the computer names but at the end the console uses the computer ids to send the actions.

JonL · October 12, 2023, 3:35pm

If you want the current limitations lifted/expanded, I’d encourage you to vote for this enhancement in the Ideas portal. They recently changed it to ‘future consideration’ in the portal.