Trying to set up https using CA cert

I’m trying to get web reports, and eventually, the REST API to leverage a trusted cert so we can communicate over https effectively. I followed the instructions here to get a CSR (https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Config/SSL_config_main_steps.html) and received a primary cert from my company’s internal CA.

I then followed the instructions here (https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Config/private_key_certificate_format.html) to combine my primary cert, root cert and intermediate cert into a .pem file that BigFix can read. Before combining them, I used openssl to convert the .der files to x509 pem files per the instructions.

I then updated the computer settings on my root server per this webpage (https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Web_Reports/c_web_reports_https_registry_set.html) and that broke webreports.

Based on the log, webreports doesn’t like the certificate. Is there any way to diagnose this?

Tue, 23 Mar 2021 18:52:13 -0500 – 5724 – Initializing Web Reports version 10.0.2.52
Tue, 23 Mar 2021 18:52:13 -0500 – 5724 – Using cURL library - 7.73.0-DEV
Tue, 23 Mar 2021 18:52:13 -0500 – 5724 – OpenSSL Initialized (Non-FIPS Mode)
Tue, 23 Mar 2021 18:52:13 -0500 – 5724 – Using OpenSSL crypto library libBEScrypto64 - OpenSSL 1.0.2u 20 Dec 2019
Tue, 23 Mar 2021 18:52:13 -0500 – 5724 – FXF character set is windows-1252
Tue, 23 Mar 2021 18:52:13 -0500 – 5724 – TLS Cipher List: HIGH:!ADH:!AECDH:!kDH:!kECDH:!PSK:!SRP
Tue, 23 Mar 2021 18:52:13 -0500 – 5724 – Successful ODBC call returned:
[Microsoft][SQL Server Native Client 11.0][SQL Server]Changed database context to ‘BESReporting’. (01000: 5,701)
[Microsoft][SQL Server Native Client 11.0][SQL Server]Changed language setting to us_english. (01000: 5,703)
Tue, 23 Mar 2021 18:52:13 -0500 – 5724 – Begin web reports scheduling thread…
Tue, 23 Mar 2021 18:52:13 -0500 – 5724 – Begin web reports background thread…
Tue, 23 Mar 2021 18:52:13 -0500 – 5724 – Connecting to datasource: BIGFIX
Tue, 23 Mar 2021 18:52:13 -0500 – 5724 – XML parsing error: unable to open primary document entity ‘BESDomain_3_0.xsd’ Line 0, Character 0
Tue, 23 Mar 2021 18:52:13 -0500 – 5724 – XML parsing error: unable to open primary document entity ‘BESDomain_3_0.xsd’ Line 0, Character 0
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Starting background thread for BIGFIX (2299764259)
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Beginning WebReportsSession::RefreshStores (full refresh)…
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 0 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task struct UserRoleRefresh::Refresh
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 1 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task struct UserRefresh::Refresh
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 2 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class SiteRefresh::Task
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 3 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class ActionSiteStoreRefresh::Task
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 4 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class ActionRefresh::Task
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 5 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class FixletVisibilityRefresh::Task
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 6 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task struct RegistrationServerRefresh
Tue, 23 Mar 2021 18:52:14 -0500 – Background (5492) – RunOneBackgroundTask: 7 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 5724 – Opening socket with IP address: ::
Tue, 23 Mar 2021 18:52:14 -0500 – 5724 – Attempting to load certificate and private key file assuming PEM encoding/formatting…
Tue, 23 Mar 2021 18:52:14 -0500 – 5724 – Attempting to load certificate and private key file assuming ASN1 / DER encoding…
Tue, 23 Mar 2021 18:52:14 -0500 – 5724 – Cannot create the SSL context. Private key must be stored along with the certificate or SSLPrivateKeyFilePath must be set to a proper value.
Tue, 23 Mar 2021 18:52:14 -0500 – 5724 – HTTPServer error: wrong tag; nested asn1 error; ASN1 lib (class OpenSSLError)
Tue, 23 Mar 2021 18:52:14 -0500 – HTTPRedirect Server Thread (5692) – Opening socket with IP address: ::
Tue, 23 Mar 2021 18:52:14 -0500 – Background (5492) – ForegroundTaskQueue::Receive(): 0 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – Background (5492) – Queued fg task struct UserRoleRefresh::Complete
Tue, 23 Mar 2021 18:52:14 -0500 – Background (5492) – RunOneBackgroundTask: 6 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 5 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class UnmanagedAssetRefresh::Task
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 6 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class LicenseUpdateRefreshTask
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 7 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class DashboardDataRefresh::RefreshTask
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 8 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class ComputerRefresh::Task
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 9 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class FixletResultRefresh::Task
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 10 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class PropertyResultRefresh::RefreshTask
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 11 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class ActionResultRefresh::Task
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 12 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class CommentStoreRefreshTask
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 13 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class HistoricalComputerRefresh::Task
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 14 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class HistoricalFixletRefresh::Task
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 15 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task struct `anonymous namespace’::Refresh
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – ThreadedTaskManager::Queue(): 16 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Queued bg task class FireSignalTask
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – Exiting WebReportsSession::RefreshStores…
Tue, 23 Mar 2021 18:52:14 -0500 – Background (5492) – ForegroundTaskQueue::Receive(): 1 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – Background (5492) – Queued fg task struct UserRefresh::Complete
Tue, 23 Mar 2021 18:52:14 -0500 – Background (5492) – RunOneBackgroundTask: 17 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – servicing foreground task for: BIGFIX
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – RunOneForegroundTask(): 2 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – MEMORY USAGE: 111.695/134213464.000/4152.258/131415848.000; peak 111.695/2048.000/4152.258/2048.000 [commit/free/reserve/maxFreeBlock, in MB]
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – servicing foreground task for: BIGFIX
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – RunOneForegroundTask(): 1 tasks in queue
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – XML parsing error: unable to open primary document entity ‘BESDomain_3_0.xsd’ Line 0, Character 0
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – XML parsing error: unable to open primary document entity ‘BESDomain_3_0.xsd’ Line 0, Character 0
Tue, 23 Mar 2021 18:52:14 -0500 – 1140 – MEMORY USAGE: 111.715/134213464.000/4152.223/131415848.000; peak 111.715/2048.000/4152.258/2048.000 [commit/free/reserve/maxFreeBlock, in MB]
Tue, 23 Mar 2021 18:52:14 -0500 – Background (5492) – SiteRefresh() - Getting fixlets and files of site BES Support
Tue, 23 Mar 2021 18:52:14 -0500 – Background (5492) – GetExternalFixletsAndFiles() - Decompressing the site content in the temp dir…
Tue, 23 Mar 2021 18:52:16 -0500 – Background (5492) – VerifyExternalSite() - verifying site BES Support
Tue, 23 Mar 2021 18:52:16 -0500 – Background (5492) – VerifyExternalSite() - VerifySubscription SubscribeSMIME
Tue, 23 Mar 2021 18:52:16 -0500 – Background (5492) – VerifyExternalSite() - VerifySubscription UnsubscribeSMIME
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – refreshing BIGFIX…
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – Beginning WebReportsSession::RefreshStores…
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): 16 tasks in queue
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – Queued bg task struct UserRoleRefresh::Refresh
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): 17 tasks in queue
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – Queued bg task struct UserRefresh::Refresh
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class SiteRefresh::Task
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class ActionSiteStoreRefresh::Task
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class ActionRefresh::Task
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class FixletVisibilityRefresh::Task
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task struct RegistrationServerRefresh
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class DashboardDataRefresh::RefreshTask
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class ComputerRefresh::Task
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class FixletResultRefresh::Task
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class PropertyResultRefresh::RefreshTask
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class ActionResultRefresh::Task
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class CommentStoreRefreshTask
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class HistoricalComputerRefresh::Task
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class HistoricalFixletRefresh::Task
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task struct `anonymous namespace’::Refresh
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class FireSignalTask
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – Exiting WebReportsSession::RefreshStores…
Tue, 23 Mar 2021 18:52:28 -0500 – 1140 – Connection error while updating AGGREGATEDBY: class PEMReadX509Failed
Tue, 23 Mar 2021 18:52:34 -0500 – Background (5492) – VerifyExternalSite() - each file of the site has been verified successfully.
Tue, 23 Mar 2021 18:52:36 -0500 – Background (5492) – SiteRefresh() - Getting fixlets and files of site Enterprise Security
Tue, 23 Mar 2021 18:52:36 -0500 – Background (5492) – GetExternalFixletsAndFiles() - Decompressing the site content in the temp dir…
Tue, 23 Mar 2021 18:52:41 -0500 – Background (5492) – VerifyExternalSite() - verifying site Enterprise Security
Tue, 23 Mar 2021 18:52:41 -0500 – Background (5492) – VerifyExternalSite() - VerifySubscription SubscribeSMIME
Tue, 23 Mar 2021 18:52:41 -0500 – Background (5492) – VerifyExternalSite() - VerifySubscription UnsubscribeSMIME
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – refreshing BIGFIX…
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – Beginning WebReportsSession::RefreshStores…
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task struct UserRoleRefresh::Refresh
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task struct UserRefresh::Refresh
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class SiteRefresh::Task
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class ActionSiteStoreRefresh::Task
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class ActionRefresh::Task
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class FixletVisibilityRefresh::Task
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task struct RegistrationServerRefresh
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class DashboardDataRefresh::RefreshTask
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class ComputerRefresh::Task
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class FixletResultRefresh::Task
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class PropertyResultRefresh::RefreshTask
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class ActionResultRefresh::Task
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class CommentStoreRefreshTask
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class HistoricalComputerRefresh::Task
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class HistoricalFixletRefresh::Task
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task struct `anonymous namespace’::Refresh
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – ThreadedTaskManager::Queue(): discarding duplicate task class FireSignalTask
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – Exiting WebReportsSession::RefreshStores…
Tue, 23 Mar 2021 18:52:43 -0500 – 1140 – Connection error while updating AGGREGATEDBY: class PEMReadX509Failed

In your second step, did you also include your Private Key in that file? The private key would have been created as part of generating your CSR in the first step.
Either the combined file needs to include your Private Key, or you need to configure the additional setting that points to the private key file path.
I can look up the setting but it should be in that link you referenced.


Jason, thanks for the response.

I did point it to private_key.key as per that website and made the changes in the computer setting of the root server. Do you think I would have better luck combining into one file? At this point, I’d try anything!

Are your root server and Web Reports server on the same machine? Because there are separate client settings for the root server service and for the Web Reports service.
If they are on the same machine and you want to use the same certificate for both, you’d still need to configure the settings for both the root server and the Web Reports services.


They are on the same server but right now I am just trying to get the certificate to work for reporting.

Ok, I was confused as to whether you were trying to set up REST API or Web Reports.

From the Web Reports log it looks like it’s missing the client setting for the private key path. Check you have these settings set up on it -

_WebReports_HTTPServer_SSLPrivateKeyFilePath

_WebReports_HTTPServer_UseSSLFlag

_WebReports_HTTPServer_SSLCertificateFilePath

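A structural check for the file that `_WebReports_HTTPServer_SSLCertificateFilePath` points to, added here as an example and not part of the thread or of BigFix: it reports conditions that can produce the `wrong tag; nested asn1 error` and `Private key must be stored along with the certificate` log lines above. The names `lint_bundle`, `key_path_set` and `pem`, and the sample blocks, are assumptions constructed for illustration.

```python
import base64
import re

# Matches one complete PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def lint_bundle(data: bytes, key_path_set: bool = False) -> list:
    """Return structural findings for a certificate file; [] means none found."""
    if data[:1] == b"\x30" and b"-----BEGIN" not in data:
        return ["file is binary DER, not PEM text"]
    findings, labels = [], []
    text = data.decode("ascii", errors="replace")
    for label, body in PEM_BLOCK.findall(text):
        labels.append(label)
        if "ENCRYPTED" in label or "Proc-Type:" in body:
            findings.append(f"{label}: key is passphrase-protected")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            findings.append(f"{label}: body is not valid base64")
            continue
        # Certificates and keys are ASN.1 SEQUENCEs, so the DER starts with tag 0x30.
        if der[:1] != b"\x30":
            findings.append(f"{label}: decoded data is not an ASN.1 SEQUENCE")
    if text.count("-----BEGIN ") != len(labels):
        findings.append("a BEGIN line has no matching END line")
    if "CERTIFICATE" not in labels:
        findings.append("no CERTIFICATE block found")
    has_key = any(name.endswith("PRIVATE KEY") for name in labels)
    # key_path_set models a configured _WebReports_HTTPServer_SSLPrivateKeyFilePath.
    if not has_key and not key_path_set:
        findings.append("no private key in file and no separate key path configured")
    return findings

# Constructed placeholder body (a 5-byte DER SEQUENCE), not a real certificate or key.
SAMPLE_BODY = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()

def pem(label: str, body: str = SAMPLE_BODY) -> str:
    """Build a constructed PEM block for the demo below."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    chain_only = (pem("CERTIFICATE") * 3).encode()  # leaf + intermediate + root, no key
    for name, blob in [("chain only", chain_only), ("raw DER", b"\x30\x82\x03\x00")]:
        print(name, "->", lint_bundle(blob) or "no structural findings")
```

The check is structural only: it does not confirm that the private key matches the certificate or that the chain validates.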