Message Level Encryption MAC OS

Does anyone know if MLE is supported on clients running MAC OS. I have found documentation on both Linux and Windows, but nothing stating yah or nah for MAC devices. Any insight is appreciated.

It should be supported on all BigFix clients on all OSes as long as it is after a certain client version when it was introduced, which I don’t recall.

We are on BF 9.5.6 and latest version of MAC OS, so we should be good as far as versioning. We also have this feature working on our Windows devices and are enabling via clientsettings.cfg file. What I have done is took that same clientsettings.cfg file added it to my MAC OS package and installed. The MAC device shows up in my console with the MLE setting set to optional, but I need to verify that it is actually working. On a Windows device I am able to do this by adding a couple of registry entries and then checking a file. Cannot find documentation on how to test from MAC device.

You can change these settings anytime from the console. You don’t need to do it with the clientsettings.cfg also MLE should default to optional in I think 9.2+, so you don’t need to set it at all.

You can verify it is working by looking at the client logs, it will show that the client is using MLE.

MLE won’t work anywhere unless you enable encryption in BESAdmin.

Thanks, i will give the client log a look to see if I can verify.

1 Like

You will see this in the log after relay selection if the client is set to optional for MLE but there is no encryption set in BESAdmin:

Encryption: optional encryption with no certificate; reports in cleartext

You will also see this message throughout:

Report posted successfully

If MLE is set to optional or required and there is encryption configured properly in BESAdmin, you will see the following:

Encrypted Report posted successfully

Its supported on clients but you need to enable it in BESAdmin as the certificate to encrypt to needs to be put into the masthead.

Once the cert is in the masthead the newer clients default to “optional” and will start encrypting based on the cert showing up.

1 Like