I’ve installed the BigFix Root, WebReports and WebUI (v10.0.1) on Win2016. Installation went fine for all 3 apps. I then installed an SSL cert (used the same .pem file) for the Root services and WebReports with a subject/fqdn of sample FQDN.domain (masthead points to FQDN_fake.domain but both are just a CNAME to the Win2016 server). From another machine I could hit https://fqdn.domain:52311/api and https://fqdn.domain:8083 (webreports) and both certs were good.
I then followed the steps to get the crt and pvk for the WebUI. At first, when I viewed the crt, the chain was broken, but then I installed the missing Comodo certs and now when I view the crt it looks good. I placed the ssl.crt and ssl.pvk in “D:\Program Files (x86)\BigFix Enterprise\BES WebUI\WebUI” but I keep getting these SSL errors in the WebUI service-wrapper.log:
Fri, 04 Sep 2020 00:51:30 +0000 -- WebUI service version 10.0.1.41 starting
Fri, 04 Sep 2020 00:51:30 +0000 -- [WebUI] Begin adjusting File Ownership and Security Settings for D:\Program Files (x86)\BigFix Enterprise\BES WebUI
Fri, 04 Sep 2020 01:06:46 +0000 -- [WebUI] Finished adjusting File Ownership and Security Settings.
Fri, 04 Sep 2020 01:06:46 +0000 -- OpenSSL Initialized (Non-FIPS Mode)
Fri, 04 Sep 2020 01:06:46 +0000 -- Using OpenSSL crypto library libBEScrypto64 - OpenSSL 1.0.2u 20 Dec 2019
Fri, 04 Sep 2020 01:06:46 +0000 -- [WebUI] Failed to retrieve all sites info from Root Server: HTTP Error 60: SSL peer certificate or SSH remote key was not OK: SSL: no alternative certificate subject name matches target host name '<FQDN.domain>'
Fri, 04 Sep 2020 01:06:46 +0000 -- [WebUI] Stopping WebUI service app
Fri, 04 Sep 2020 01:07:23 +0000 -- [WebUI] Failed to update service application: HTTP Error 60: SSL peer certificate or SSH remote key was not OK: SSL: no alternative certificate subject name matches target host name '<FQDN.domain>'
Fri, 04 Sep 2020 01:07:46 +0000 -- [WebUI] Stopping WebUI service app
Client settings on server:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BigFix\EnterpriseClient\Settings\Client_WebUIAppEnv_PLATFORM_HOST / “value” = <FQDN.domain>
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BigFix\EnterpriseClient\Settings\Client_WebUI_AppServer_Hostname / “value” = <FQDN.domain>
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BigFix\EnterpriseClient\Settings\Client_WebUIAppEnv_WEB_CERT_FILE / “value” = D:\Program Files (x86)\BigFix Enterprise\BES WebUI\WebUI\ssl.crt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BigFix\EnterpriseClient\Settings\Client_WebUIAppEnv_WEB_KEY_FILE / “value” = D:\Program Files (x86)\BigFix Enterprise\BES WebUI\WebUI\ssl.pvk
I’ve repeatedly restarted the BES Root and WebUI services and rebooted the server but I still get these errors. What am I missing?
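
The "no alternative certificate subject name matches target host name" text in the log above is a hostname-verification failure: the client compares the name it was told to connect to against the certificate's subjectAltName entries, and DNS aliases (CNAMEs) play no part in that comparison. The following is an added example, not part of the original post and not BigFix code: a simplified Python model of that check, using constructed host names and a hypothetical `audit` helper, which can be fed the SAN list read from a certificate and the host names configured in the masthead and client settings.

```python
# Simplified model of TLS hostname verification (RFC 6125 style).
# All host names here are constructed samples, not values from the post.

def _name_match(pattern, host):
    """Compare one dNSName pattern with a host name, case-insensitively.
    A wildcard is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # "*.example.test" covers exactly one label; require >= 3 labels
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def verify_hostname(target, san_dns, common_name=None):
    """Return (ok, reason). When the certificate carries any SAN dNSName,
    the subject CN is ignored; that case yields the wording seen in the log."""
    if san_dns:
        for name in san_dns:
            if _name_match(name, target):
                return True, "matched SAN " + name
        return False, "no alternative certificate subject name matches target host name"
    if common_name and _name_match(common_name, target):
        return True, "matched CN " + common_name
    return False, "certificate subject name does not match target host name"


def audit(configured, san_dns, common_name=None):
    """Check every configured host name (hypothetical label -> name map)
    against one certificate; returns label -> (ok, reason)."""
    return {label: verify_hostname(name, san_dns, common_name)
            for label, name in configured.items()}


if __name__ == "__main__":
    # Constructed scenario: certificate issued for one name, service also
    # reached through an alias that resolves to the same server.
    sans = ["bigfix.example.test"]
    configured = {
        "masthead name": "bigfix-alias.example.test",
        "WebUI platform host": "bigfix.example.test",
    }
    for label, (ok, reason) in audit(configured, sans, "bigfix.example.test").items():
        print(("OK   " if ok else "FAIL ") + label + ": " + reason)
```

Every name a component uses to reach the server has to appear in the SAN list of the certificate that server presents; an alias that merely resolves to the same machine fails the check.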