Odd error when trying to manually update certificate

Running BESClient.exe -update-certificate <password> http://<Internet-facing-relay-with-that-password-set>/52311 and getting the following as results:

Initializing for client certificate refresh.
Cryptographic module initialized successfully.
Sending certificate update request to http://<that server>:52311/
Error updating client certificate: Manual update certificate is not allowed on this relay

I can’t find anything about other settings to enable or configure on the Relay beyond _BESRelay_Comm_KeyExchangePassword. Is there something I’m missing?

The client setting to be defined on the Relay side is _BESRelay_Comm_ClientCertUpdatePassword.

The setting is documented at the following link: https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Config/r_client_set.html#r_client_set__auth

More information is also available in the How to Recover from an Expired Client Certificate section of the “Client certificate” chapter of the BigFix Configuration Guide.
