Bootstrap Installation of the SMP Agent for ULM 7.5 SP1 to an SSL-enabled SMP Server

The following shows three attempts to install the SMP Agent for Unix, Linux and Mac (ULM) 7.5 SP1 from an SSL-enabled SMP server. 

Incorrect method:
This method does not specify a protocol (http or https) nor SMP certificate information and fails. Note that the default protocol used by the aex-bootstrap is http. 

./aex-bootstrap-macosx mysmpssl.mydom.com
...
ERROR: Failed getting Package manifest, 
Url: http://mysslsmp.mydom.com/Altiris/NS/NSCap/Bin/Unix/Agent/Mac/x86 
Destination Dir: /opt/altiris/notification/nsagent/.tmp_inst 
Msg: HTTP server returned an error, 403, http://mysmpssl.mydom.com/Altiris/NS/NSCap/Bin/Unix/Agent/Mac/x86/packag...
HTTP/1.1 403 Forbidden
----------------------------------

Interactive method:
This method specifies a protocol (https) but does not specify SMP certificate information resulting in a successful, albeit interactive, installation. The agent will attempt to use the thumbprint of the certificate bound to port 443.

./aex-bootstrap-macosx https://mysmpssl.mydom.com

...
Would you like to trust the NS with the following certificate fingerprint: 61CB1356B112E063E720F24698F27F0FB1B9302A ? (y/n)
y
INFO: Getting Package: https://mysmpssl.mydom.com/Altiris/NS/NSCap/Bin/Unix/Agent/Mac/x86 into temp dir: /opt/altiris/notification/nsagent/.tmp_inst
INFO: Success verifying package signatures.
INFO: Success getting Package.
INFO: Installing package...
----------------------------------

Non-interactive method:
This method specifies both a protocol (https) and a certificate thumbprint resulting in a non-interactive Installation.

./aex-bootstrap-macosx -- -nscert 61cb1356b112e063e720f24698f27f0fb1b9302a https://mysmpssl.mydom.com
...
INFO: Getting Package: https://mysmpssl.mydom.com/Altiris/NS/NSCap/Bin/Unix/Agent/Mac/x86 into temp dir: /opt/altiris/notification/nsagent/.tmp_inst
INFO: Success verifying package signatures.
INFO: Success getting Package.
INFO: Installing package...
----------------------------------

Note: In the non-interactive method, it is required to enter a double-dash AND "-nscert <thumbprint>". See "aex-bootstrap-<os> -h" for details. This method is suitable for a script-based agent installation. 

Note: It appears that the NS name specified in the bootstrap command line does not have to match the name on the certificate. Rather, it just needs to be resolvable to the correct NS/SMP server.