WebUI and CA Signed SSL

Is there an IBM document that gives step by step details for creating a CA signed SSL certificate for use with WebUI? I tried to use openssl to generate the req and get a cert issued by my CA but WebUI doesn’t seem to even know the cert is there.

The documentation doesn’t explain how to generate the files at the moment, but it does describe what names should the key and certificate files have and where they should be located. Note that the location is different depending on what version of the product you are using:

https://www.ibm.com/support/knowledgecenter/en/SSTK87_9.5.0/com.ibm.bigfix.webui.doc/WebUI/Admin_Guide/c_ssl_certificates_9.5.3_and_above.html

There is also this great post with a lot of more details and an example that hopefully fill the gaps: WEBUI and a REAL SSL cert -and one more question

1 Like

There is a service app log that should have error messages about SSL if the web ui is trying to use your SSL certs.

If the web ui is trying to use your certs but there is something wrong with them, then it shouldn’t actually work at all.

You may have the wrong name or wrong folder for the files. The SSL certs DO NOT go in the certs folder.

You may need to create a PMR with IBM to work with support to get this resolved. How to ask for IBM product help: PMRs, RFEs, and more

In general, do I have the process correct?

  1. Use openssl to generate CSR and private key
  2. remove passphrase from private key with openssl
  3. send CSR to my CA for processing
  4. Rename certificate and private key without password to the format webui needs (ssl.crt and ssl.pvk)
  5. Place both files in “Program Files (x86)\BigFix Enterprise\BES WebUI\WebUI”
  6. Restart WebUI service since this is version 9.5.4

Am I missing a step or doing something wrong here?