BigFix - Renewing BigFix MDM TLS & Apple Push Certificates
Keeping your BigFix MDM/MCM environment secure requires annual renewal of TLS and Apple Push Certificates to maintain proper communication and functionality. This guide walks through the step-by-step renewal process to prevent disruptions.
Renew your TLS Certs for MDM/MCM
Locate the TLS.key you generated when you first installed the MDM server.
Find the fixlet “BigFix MDM Server - Stage External TrustedCA TLS Certificates” in the BigFix Console
Open your new TLS cert in Notepad and copy its contents
Paste the contents of the cert into the “MDM Server TLS CRT content:” section of the fixlet
Open TLS.key in Notepad and copy its contents
Paste the contents of TLS.key into the “MDM Server TLS Key” section
Type in the password of the TLS key
Deploy the fixlet to your MDM server with the Stage option selected
Let the action complete on your BigFix server
Fixlet ID 701 BigFix MDM Server – Deploy staged TLS Certificates will now become relevant
Deploy this action once you are ready to update your MDM server to the new Certificates. This will restart the MDM services.
You can check the MDM Cert in your web browser
[Screenshots: the MDM certificate in the browser, before and after renewal]
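A pre-staging check for the steps above, as an added example that is not part of the original guide: it confirms the renewed cert was issued for TLS.key, that the key password opens the key, and that the cert is not close to expiry, then prints the fingerprint to compare with what the MDM server serves after the deploy action. The file names, host name and the TLS_KEY_PASS variable are assumptions, and the openssl command-line tool is required.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. Requires the openssl CLI.
# Assumption: the key password is exported as TLS_KEY_PASS, so it is never
# passed as a command-line argument.

# check_pair CERT KEY: succeed only if CERT was issued for KEY.
check_pair() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ||
    { echo "cannot read certificate"; return 2; }
  key_pub=$(openssl pkey -in "$2" -passin env:TLS_KEY_PASS -pubout 2>/dev/null) ||
    { echo "cannot open key (wrong password?)"; return 3; }
  # Both commands print the public key as PEM, so a string compare suffices.
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
    { echo "certificate does not match key"; return 4; }
  echo "match"
}

# valid_for_days CERT DAYS: succeed if CERT is still valid DAYS from now.
valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# cert_fingerprint CERT: SHA-256 fingerprint of a certificate file.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

# served_fingerprint HOST [PORT]: fingerprint of the certificate the server
# presents; after the deploy action it should equal cert_fingerprint of
# the new file.
served_fingerprint() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256
}

# Usage with placeholder names (assumptions):
#   read -rs TLS_KEY_PASS && export TLS_KEY_PASS
#   check_pair new-tls.crt TLS.key && valid_for_days new-tls.crt 30
#   cert_fingerprint new-tls.crt; served_fingerprint mdm.example.com
```

A mismatch or wrong password found here costs nothing; found after the deploy action, it surfaces when the MDM services restart.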
Renewal of Apple Push Certs
Email the Pushcert.csr file you created when you first stood up your Apple MDM server to BFAppleCSR@hcl.com
Wait for the Signed HCL CSR email from BFAppleCSR@hcl.com
Go to https://identity.apple.com/pushcert/
Upload the HCL Signed CSR file that was emailed back to you
Download the new Apple Push Cert
Open the pem file downloaded from Apple and copy the contents of the file.
Open the task “Update Apple Push Credentials” and paste the contents of the PEM file downloaded from Apple into the “Apple Push Certificate PEM Content” section
Locate the PushCert.key you created when you stood up your Apple MDM Server the first time
Open this file in Notepad and copy the contents
Paste the contents of the PushCert.key to the Apple Push Key section and type the contents of the Certificate
Take action to update the Apple Push Credentials and target your MDM server