IBM Support

Endpoint Manager - How to rotate the server signing key.

Technote (troubleshooting)


Problem (Abstract)

Steps to take to rotate the server signing key on the IBM Endpoint Manager root server.

Resolving the problem

Note: This article applies to single-server deployments. For information on how to rotate server signing keys in a DSA environment, go to this page:

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/How%20to%20Rotate%20Server%20Signing%20Keys%20in%20a%20DSA%20Environment


Instructions for rotating the server signing key:

1. Stop all IEM services on the server:

    Windows: in the service manager, stop BES FillDB, BES GatherDB, BES Root Server, and BES Web Reports

    Linux: run the commands:
    /etc/init.d/besfilldb stop
    /etc/init.d/besgatherdb stop
    /etc/init.d/besserver stop
    /etc/init.d/beswebreports stop

2. On the server run the following command from the BES Server directory:
    Windows: BESAdmin /rotateserversigningkey

    Linux: /opt/BESServer/bin/BESAdmin.sh -rotateserversigningkey -sitePvkLocation [SITE_PVK_LOC]

    Note: Be patient. It may take quite a bit of time for all the content in the database to get re-signed and for the command to finish.

3. Start all IEM services on the server:
    Windows: in the service manager, start BES FillDB, BES GatherDB, BES Root Server, and BES Web Reports

    Linux: run the commands:
    /etc/init.d/besfilldb start
    /etc/init.d/besgatherdb start
    /etc/init.d/besserver start
    /etc/init.d/beswebreports start
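
The Linux steps above as one script, added here as an example and not IBM's own code: it checks that the site private key file is readable before stopping anything, and leaves the services stopped if BESAdmin.sh fails so the state can be inspected. The function names, the DRY_RUN switch and the stay-stopped-on-failure choice are assumptions of this example; the paths and service names are the ones given in the steps.

```shell
#!/bin/sh
# Added example wrapping the Linux steps of this technote.
# DRY_RUN=1 (an assumption of this example) prints the commands instead of running them.

SERVICES="besfilldb besgatherdb besserver beswebreports"
BESADMIN="/opt/BESServer/bin/BESAdmin.sh"

# run CMD ARGS...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# services stop|start: apply the action to every IEM service, in the order listed in the steps.
services() {
    for svc in $SERVICES; do
        run "/etc/init.d/$svc" "$1" || return 1
    done
}

# rotate_signing_key SITE_PVK_LOC: steps 1 to 3, with distinct return codes per failure.
rotate_signing_key() {
    pvk="$1"
    # Validate the key path first, so a wrong path does not cost any downtime.
    if [ -z "$pvk" ] || [ ! -r "$pvk" ]; then
        echo "site private key not readable: $pvk" >&2
        return 2
    fi
    services stop || { echo "could not stop all services" >&2; return 3; }
    if ! run "$BESADMIN" -rotateserversigningkey -sitePvkLocation "$pvk"; then
        echo "rotation failed; services left stopped" >&2
        return 4
    fi
    services start || return 5
}

# Run the procedure when called with exactly one argument: the path to the site .pvk file.
if [ "$#" -eq 1 ]; then
    rotate_signing_key "$1"
fi
```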

Document information

More support for: IBM BigFix family

Software version: Version Independent

Operating system(s): Platform Independent

Reference #: 1669587

Modified date: 16 March 2015

