I am working with a Linux Big Fix 9.5 server and client. I enabled encrypted reports required, and then ran:
./BESAdmin.sh -reportencryption -generatekey -deploynow=yes -sitePvkLocation=<my.site.licensekey>
However, I am seeing this in my client logs:
Encryption: encryption required and no certificate; report not sent
I’m not quite certain where this “key” in the BESAdmin.sh command is created, and how that relates to this certificate message, or if there is something else I’ve missed along the way.
I am still able to initaite actions on the target system, but they obviously never get reported.
This is POC work for client who is concerned about security.
Once you enable Message Level Encryption, the actionsite masthead should be updated to include the Encryption Certificate that will be leveraged by the Clients to encrypt their reports. Can you check and validate that ActionSite propagations are working, and whether or not the Client’s actionsite.afxm contains a portion for the Encryption Certificate?
I have checked the ActionSite.afxm file, and indeed it does contain a certificate, and having set the report encryption to optional, am this morning seeing them being encrypted.
I’m unsure why it seemed to take some time to take affect, and the timestamp is from yesterday afternooon.
Happy to see its working now, and thanks for the tips on checking for the certificate!
I have got the same error “Encryption: encryption required and no certificate; report not sent” in my environment,
but I enabled the encryption to my infrastructure, some clients are not reporting to the server after the agents installation, we checked the client log, it was showing the above error, we restarted the “bes client” services and check the log, the agent were reported to the server.
It sounds like some of your agents weren’t gathering the actionsite to get the new masthead. Perhaps they are not getting UDP messages and would have eventually gotten it after a day I believe