Got it to work: -
openssl req -new -newkey rsa:2048 -nodes -out ssl.csr -keyout ssl.key -subj “/C=US/ST=Virginia/L=McLean/O=CDM/OU=Information Technology/CN=BigFix”
saved 2 files ssl.csr and ssl.key
send ssl.csr to CA to get ssl.cer
make copy of ssl.key and rename to ssl.pvk
make copy of ssl.cer and rename to ssl.crt
stop besrootserver service on BigFix root server
copy ssl.crt and ssl.pvk to "\Program Files (x86)\BigFix Enterprise\BES Server\WebUI"
start besrootserver service on BigFix root server
open browser and type in link to https://bigfix for accessing WEBUI
** if your cert is issued from enterprise CA you are able to add DNS names to aliases being used to access the WEBUI: - common examples of accessing the web link are as follows
https://BigFix
https://bigfixserver
https://webui
https://BigFix.MyDomain.com
https://BigFixserver.MyDomain.com
https://WEBUI.MyDomain.com
NOTE* while requesting this cert make request to add subject alternate names (DNS) names to this cert by adding this to the “Additional Attributes:” section of the cert generating process
san:DNS=WebUI.MyDomain.com&DNS=BigFix.MyDomain.com&DNS=BigFixServer.MyDomain.com&DNS=WEBUI&DNS=BigFix
**this is so any of the names listed here can be used in the web browser to resolve as a valid cert.