BigFix Server and Agents authentication

Hello Forum,

I’m new to BigFix/ILMT (9.5/9.2) but have to deploy the product in our environment.

As far as I understood, the actionsite.afxm file is used by the BigFix clients to verify the authenticity of the BigFix Server. Can it be thought of as a root certificate being used to check the Server certificate presented by the BigFix Server to the BigFix client?

Is the masthead.afxm file the server certificate presented to the BigFix Client and being verified by actionsite.afxm?

Regards
Yusuf

Hi ydemir,
The file actionsite.afxm is the entry point for a client. Without it, the client wouldn’t know what the server hostname, URLs and configuration are. I don’t know the security details, but I think it works the other way around, that is, the server checks the client certificate. It’s the client that connects to the server and not vice versa.

Federico

The names actionsite.afxm/masthead.afxm are different names for the same thing. The AFXM extension shows they are both the masthead of the deployment. Consider the masthead the public certificate for the deployment that allows the client to establish trust to one and only one deployment. All other certificate trusts for your deployment go through this chain.

When you installed the server, you generated keys which created a certificate chain back to the BigFix root certificate that the components already know. This allows the trust chain to be validated, similar to SSL certificates etc. that use a trust authority out on the internet.

Hello Alan, hello Federico,

Thanks a lot.

Regards
Yusuf