On Linux Systems
You can set the security options after you install Endpoint Manager
V9.1 or upgrade it to V9.1, by running the following command as super
user:
./BESAdmin.sh -securitysettings -sitePvkLocation=<path+license.pvk>
-enableEnhancedSecurity -requireSHA256Downloads
Note: The notation <path+license.pvk> used
in the command syntax stands for path_to_license_file/license.pvk.
The full syntax of the ./BESAdmin.sh -securitysettings is
the following:
./BESAdmin.sh -securitysettings -sitePvkLocation=<path+license.pvk>
[-sitePvkPassword=<password>]
{ -status | {-enableEnhancedSecurity|-disableEnhancedSecurity}
| {-requireSHA256Downloads|-allowSHA1Downloads} }
where:- status
- Shows the status of the security settings in your IBM Endpoint Manager environment. Example:
BESAdmin.sh -securitysettings -sitePvkLocation=/root/backup/license.pvk -sitePvkPassword=mypassw0rd -status Enhanced security is currently ENABLED SHA-256 downloads are currently OPTIONAL
- enableEnhancedSecurity | disableEnhancedSecurity
- Enables or disables the enhanced security that adopts the SHA-256
cryptographic digest algorithm for all digital signatures as well
as content verification and the TLS 1.2 protocol for communications
among the Endpoint Manager components.Warning: If you use this setting you break backward compatibility because IBM Endpoint Manager version 9.0 or earlier components cannot communicate with the IBM Endpoint Manager version 9.1 server or relays.
- requireSHA256Downloads
- Ensures that data has not changed after you download it using
the SHA-256 algorithm.Note: You can set requireSHA256Downloads only if you also set enableEnhancedSecurity.
- allowSHA1Downloads
- Ensures that the file download integrity check is run using the SHA-1 algorithm.