Running BigFix 10.0.2 and want to update to version 10.0.9. The Database and application are both on the same Windows server. Are there any gremlins to be wary of when upgrading to version 10.0.9 from 10.0.2. The prereg checks passed. SQL is fully patched as is the OS.
Be sure to read all the update notes about certificate trusts, the certificate checks are much stricter starting in 10.0.8.
1 Like
See the announcement links at BigFix 10.0 Patch 9 is now available! and especially the links about the new certificate configuration settings at https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Config/c_customizing_HTTPS_downloads.html
Most customers will need to update their root server’s certificate trust lists -
- If using Inventory, add the Inventory server’s certificate to the trust list (whether that’s the default self-signed certificate, or your Certificate Root Authority if you’ve issued a certificate from your internal CA)
- If using a TLS-decrypting proxy for web downloads
- If hosting any downloads from an internal web server using self-signed or privately-issued certificates
I did upgrade infra from 10.0.4 to 10.0.9 but I had many issues, see post below might be helpful 
I would recommend upgrading to 10.0.7 for now, and then investigate settings to relax the new things that are in 10.0.8+
Why not just wait for 11.0.0? (half /s)
I believe we have the “lessons learned” pretty well documented by now for the TLS restrictions, and the more secure certificate handling is worthwhile.
I recommend upgrading test/lab systems first, of course, but I wouldn’t expect the validation to be relaxed or upgrades to get any easier for 10.0.10 (or 11.0 for that matter)