Hi, we want to connect bigfix remotely for this we publish Rest API https connection , can we generate our own Bigfix based certificate for https connection as third party tools team want to have secure certificate for the Bigfix Rest API connection.
please suggest.
thanks
Please see the following:
Hi Aram, can’t we use the default certificate which it asks at time of opening https connection or from Admin tool? or do i need to generate own custom certificate and configure into Bigfix App?
the custom certificate option which you mentioned i tried but did not work with third party tool like postman , it is not working with SSL option , we want to connect bigfix remotely for this we publish Rest API https connection , we can post / get details from Bigfix console but there is one tool where team is using JavaScript / Jason which needs bigfix trusted certificate.
When I tried to use bigfix default certificate which comes under admin tool or while opening https://server:52311 from the browser but it does not work and said un-authorized access.
Please assist.
Due to how Certificate Trust works – the certificate that BigFix uses is valid but it is not trusted by your browser. You can add the certificate to your trusted cert store, swap it for a certificate that your computer trusts, or disable SSL validation in the tool making the connection (see: disable SSL verification in postman).
Hi , i can make connection when i disable SSL option into postman , but i want to keep this enable in postman , same way i tried same way with curl but it does not work ?
Is there any way to confgure and use SSL / secure certificate in curl as i need to fix the same issue with javascript code where java coder want to use self signed certificate to make the connection secure for remote execution of the action to BF console.
C:\Temp\curl>curl -E c:\temp\cert.pem -X GET -u Administrator:password https://server52311/api/computers
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
This isn’t a BigFix issue, you need an understanding of how PKI works.
You can generate your own certificates for the root server using the instructions Aram posted earlier.
If you pay for a certificate signed by VeriSign, Digicert, or other public authority that is already trusted by your OS / application (which is handled separately by your Java client, curl, postman, etc.) then it will “just work”.
If you are issuing certificates from an internal / private certificate authority, you can also make that work. You would need to update your browser, java, curl, etc. trust stores so that they trust your internal issuing authority.
The instructions for configuring curl to trust your internal/private certificate authority are in the link you posted. Give it a read.