IBM Support

How to rotate the server signing key on the BigFix Server

Technote (troubleshooting)


Problem(Abstract)

Steps to take to rotate the server signing key on the IBM BigFix root server.

Resolving the problem

Note: This article applies to single server deployments. For information on how to rotate server signing keys for DSA go to this page:

How to Rotate Server Signing Keys in a DSA Environment

Instructions for rotating the server signing key:

1. Stop all BigFix BES services on the server:

    Windows: in the service manager, stop BES FillDB, BES GatherDB, BES Root Server, and BES Web Reports

    Linux: run the commands:
    /etc/init.d/besfilldb stop
    /etc/init.d/besgatherdb stop
    /etc/init.d/besserver stop
    /etc/init.d/beswebreports stop

2. On the server run the following command from the BES Server directory:
    Windows: BESAdmin /rotateserversigningkey

    Linux: /opt/BESServer/bin/BESAdmin.sh -rotateserversigningkey -sitePvkLocation [SITE_PVK_LOC]

    Note: Be patient. It may take quite a bit of time for all the content in the database to get re-signed and for the command to finish.

3. Start all BigFix BES services on the servers:
    Windows: in the service manager, start BES FillDB, BES GatherDB, BES Root Server, and BES Web Reports

    Linux: run the commands:
    /etc/init.d/besfilldb start
    /etc/init.d/besgatherdb start
    /etc/init.d/besserver start
    /etc/init.d/beswebreports start

Document information

More support for: IBM BigFix Platform
Server

Software version: Version Independent

Operating system(s): Platform Independent

Reference #: 1669587

Modified date: 29 December 2017


Translate this page: