Adding a post here for visibility on this issue:
Issue
When using the default configuration or using Client Setting _BESGather_Use_Https = 1, the License Update check fails if there is an SSL issue, and does not fail over to HTTP correctly.
Resolution
In BigFix 9.5.11 or greater, if you use the default configuration to check for license updates or if you force the check in HTTPS (using Client Setting _BESGather_Use_Https = 1), it is required that the following Client setting is set on the BigFix Server system for the requests to complete successfully:
_BESGather_LicenseCertificateCommonName=gatherer.bigfix.com
At the same time, if you are in an AirGapped environment and you want to run the AirGap tool in HTTPS, you have to specify the following options:
BESAirgapTool.exe -usehttps -licenseCN gatherer.bigfix.com