AAC::Configure BigFix [] Service with CA signed certificate

Description

This Fixlet prompts for the certificate and certificate key used to enable BigFix services with CA-signed certificates.

The certificate file is created with the extension .pem, and its key file with the suffix _key.pem.


 


Written by Andrea.Capasso@hcl.com using documentation for parametrized fixlets and HTTPS across BigFix applications.


Property Details

ID: 26722
Status: Alpha - Code that was just developed
Title: AAC::Configure BigFix [] Service with CA signed certificate
Domain: BES
Category: Utility
Source: andrea.capasso@hcl.com
Source Release Date: 5/27/2020 12:00:00 AM
Keywords: SSL Certificates
Is Task: True
Added by on 11/16/2020 2:14:07 AM
Last Modified by on 11/16/2020 2:14:07 AM
Counters: 1717 Views / 2 Downloads

Relevance

Used in 1 fixlet   * Results in a true/false
exists service "BESWebReportsServer" OR exists main gather service or exist webui service

Actions

Action 1 (default)

Script Type: BigFix Action Script
action log commands
if {name of operating system starts with "Win"}
        parameter "PathSeparator"="\"
else
        parameter "PathSeparator"="/"
endif
parameter "FullCertName"="{(parameter "CertificateLocation") & (parameter "PathSeparator") & (parameter "CertName")}"

appendfile {parameter "Certificate"}
folder create "{parameter "CertificateLocation"}"
delete "{parameter "FullCertName" & ".pem"}"
move __appendfile "{parameter "FullCertName" & ".pem"}"

appendfile {parameter "CertificateKey"}
delete "{parameter "FullCertName" & "_key.pem"}"
move __appendfile "{parameter "FullCertName" & "_key.pem"}"

action log all

if {parameter "BigFixComponent" is "WebReports"}
    continue if {exists service "BESWebReportsServer"}
    setting "_WebReports_HTTPServer_SSLCertificateFilePath"="{parameter "FullCertName" & ".pem"}" on "{now}" for client
    setting "_WebReports_HTTPServer_SSLPrivateKeyFilePath"="{parameter "FullCertName" & "_key.pem"}" on "{now}" for client
    setting "_WebReports_HTTPServer_UseSSLFlag"="1" on "{now}" for client
    setting "_WebReports_HTTPServer_RequireTLS12"="1" on "{now}" for client

    if {name of operating system starts with "Win"}
        delete __appendfile
        appendfile net stop beswebreportsserver
        appendfile net start beswebreportsserver
        delete restartWR.bat
        move __appendfile restartWR.bat
        waithidden restartWR.bat
        delete restartWR.bat
    else
        wait /etc/init.d/beswebreportsserver stop
        wait /etc/init.d/beswebreportsserver start
    endif
// if for some reason the service hasn't started yet, fail here
    continue if {exists running service "BESWebReportsServer"}

elseif {parameter "BigFixComponent" is "WebUI"}
    continue if {exists webui service}
// setting "_WebUIAppEnv_WEB_CERT_FILE"="{parameter "FullCertName" & ".pem"}" on "{now}" for client
// setting "_WebUIAppEnv_WEB_KEY_FILE"="{parameter "FullCertName" & "_key.pem"}" on "{now}" for client

    parameter "TargetDir"="{value of setting "_WebUIAppEnv_WebUI_DIR" of client & "WebUI" }"
    if { exist file "ssl.crt" of (folder (parameter "TargetDir" as string))}
     parameter "WebUIcertname"="{pathname of file "ssl.crt" of folder (parameter "TargetDir")}"
     move "{parameter "WebUIcertname"}" "{parameter "WebUIcertname" & "_" & id of current action}"
    else
     parameter "WebUIcertname"="{(parameter "TargetDir") & (parameter "PathSeparator") & "ssl.crt"}"
    endif
    copy "{parameter "FullCertName" & ".pem"}" "{parameter "WebUIcertname"}"
    
    if { exist file "ssl.pvk" of (folder (parameter "TargetDir" as string))}
     parameter "WebUIcertKeyname"="{pathname of file "ssl.pvk" of folder (parameter "TargetDir")}"
     move "{parameter "WebUIcertKeyname"}" "{parameter "WebUIcertKeyname" & "_" & id of current action}"
    else
     parameter "WebUIcertKeyname"="{(parameter "TargetDir") & (parameter "PathSeparator") & "ssl.pvk"}"
    endif
    copy "{parameter "FullCertName" & "_key.pem"}" "{parameter "WebUIcertKeyname"}"

elseif {parameter "BigFixComponent" is "RestAPI" or parameter "BigFixComponent" is "Server"}
    continue if {exists main gather service}
    setting "_BESRelay_HTTPServer_SSLCertificateFilePath"="{parameter "FullCertName" & ".pem"}" on "{now}" for client
    setting "_BESRelay_HTTPServer_SSLPrivateKeyFilePath"="{parameter "FullCertName" & "_key.pem"}" on "{now}" for client
    setting "_BESRelay_HTTPServer_UseSSLFlag"="1" on "{now}" for client
    setting "_BESRelay_HTTPServer_RequireTLS12"="1" on "{now}" for client
else
    appendfile {parameter "BigFixComponent"}
    delete "{parameter "FullCertName" & ".txt"}"
    move __appendfile "{parameter "FullCertName" & ".txt"}"
endif


// action log all

Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

