Lost password for license.pvk

ctsahmhosting · November 27, 2024, 9:42am

Dear All,

We have lost license.pvk password in order to open bigfix administration tool. Please advise how can we retrieve the password for license.pvk?

Thanks,
CM

vk.khurava · November 27, 2024, 11:49am

Please open case with HCL support.

DanieleColi · November 27, 2024, 12:51pm

Private Key is private by definition: there is no way to recover the password!
Probably you need a new license…

DerrickD · November 27, 2024, 3:38pm

Rebuild to a new BigFix environment…

ctsahmhosting · December 13, 2024, 1:20pm

Will it help? I see other engineers are stating that there is no way to recover the password.

vk.khurava · December 13, 2024, 2:26pm

Indeed, thats correct !

May be Yes or No ! but HCL support team will be best candidate to help you or provide best guidance based on your requirement.

JasonWalker · December 13, 2024, 2:28pm

The license.crt is a Certificate, and the license.pvk is a password-protected private key to the certificate. In fact if one is familiar with the OpenSSL commands, you can interact with these just like any other system certificate.

And, like all PKI, it is infeasible to break/decrypt the password with current computing power.

If there is any chance at all of recovering the password, it’s not going to be a technical solution that we can give you. It’ll be you, buying the password off whatever former admin set it; recovering it from a backup of a document that had it listed or the badly-written script they kept in their home directory that had a cleartext copy of the password; or finding it in their bash_history if they ever entered it on the command line and it’s a Linux server.

The far more likely thing is that you will need to start off by building an entirely new BigFix deployment. You can use the License Service Center to move license counts from your original license and create a new license, then install a new BigFix server with a new gather URL and a new license certificate a new private key. Then, you can use the Masthead Switch method, sending an action to clients on the old BigFix deployment to register themselves as new machines on the new BigFix deployment. When you do this, they appear as new machines with new computer IDs and no action history on the new BigFix server. You’ll need to decide whether you need to retain the old server, old logs, or any data from the original deployment.

The timing can be tricky, especially if you have a complex network design, firewall rules, and widely-distributed Relays. If you have a large deployment, I’d suggest engaging with the BigFix Services team to help with your server standup and migration, as we’ve dealt with many large migrations before. If you send me a private message I can put you in touch with the right people to discuss contracting them.