Cb Protection: How to Recover From Accidentally Enabling Certificate Verification

Article ID: 285554

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to get agents reconnected after accidentally enabling Certificate Verification in the CB Protection console when only using a self-signed certificate.

Environment

  • Cb Protection Server: All Versions
  • Microsoft Windows: All Versions
  • Self-signed certificate on Cb Protection Console

Resolution

  1. Purchase/Create a CA signed certificate with the appropriate Subject name and Subject Alternative Names for the Cb Protection Server
  2. Install new CA signed certificate on the Cb Protection Server using the instructions from the Cb Protection Using Guide
  3. Import the Root CA certificate for the new CA signed certificate on all agent endpoints:
    1. Go to Windows Start, Click RUN
    2. Type MMC 
    3. Click OK.
    4. On the Microsoft Management Console (mmc) window, go to the File menu
    5. Click on 'Add/Remove Snap-In'
    6. Select Certificates
    7. Click on Computer Accounts
    8. Click on 'Local Computer'
    9. Click Finish
    10. Expand 'Certificates (Local Computer)'
    11. Expand 'Trusted Root Certification Authorities' 
    12. Right-click on the sub-folder 'Certificates' and click on Import
    13. Import the Root CA certificate from Step 1

Once this is completed on all agent endpoints, they should re-register and show connected on the Cb Protection Console.
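
The MMC import in step 3 can be scripted when many endpoints need the Root CA. The PowerShell below is an added example, not from the original article or the vendor: it checks the file before trusting it and then imports it into the Local Computer 'Trusted Root Certification Authorities' store. The file path and expected thumbprint are placeholders, and it assumes an elevated session with the built-in `Import-Certificate` cmdlet available.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the MMC import in step 3.
# $RootCaPath and $ExpectedThumbprint are placeholders (assumptions), not values from the article.
$RootCaPath         = 'C:\Temp\RootCA.cer'
$ExpectedThumbprint = '<ROOT-CA-THUMBPRINT>'    # obtain from the CA over a separate channel
$StorePath          = 'Cert:\LocalMachine\Root' # Trusted Root Certification Authorities (Local Computer)

$ErrorActionPreference = 'Stop'
$file = (Resolve-Path -LiteralPath $RootCaPath).Path

# Load the file for inspection only; nothing is installed yet.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)

# 1. The file must be the certificate you expect, not just any .cer with that name.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# 2. A root CA is self-issued and carries Basic Constraints CA=TRUE.
#    (Strict check: a legacy root without the extension is rejected here.)
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if ($cert.Subject -ne $cert.Issuer -or -not ($bc -and $bc.CertificateAuthority)) {
    throw "Not a root CA certificate: Subject='$($cert.Subject)' Issuer='$($cert.Issuer)'"
}

# 3. Refuse a certificate outside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not currently valid ($($cert.NotBefore) to $($cert.NotAfter))"
}

# 4. Import only if it is not already trusted, then confirm it landed in the store.
$present = Get-ChildItem -Path $StorePath | Where-Object Thumbprint -eq $cert.Thumbprint
if (-not $present) {
    Import-Certificate -FilePath $file -CertStoreLocation $StorePath | Out-Null
}
$installed = Get-ChildItem -Path $StorePath | Where-Object Thumbprint -eq $cert.Thumbprint
if (-not $installed) { throw "Import failed: $($cert.Thumbprint) not found in $StorePath" }
"Trusted root present: $($installed.Subject) [$($installed.Thumbprint)]"
```

With the placeholder thumbprint left unchanged the script stops at check 1, so nothing is added to the trust store until a real value is supplied.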

Additional Information

  • You can validate the Subject Name and SANs on the existing self-signed certificate before purchasing/creating a new CA signed cert
  • You can ask the certificate vendor for the Root CA certificate, so you can authorize all the endpoints you need connected
  • Use a web browser to get the certificate. Access a web page on the server with HTTPS. Then use the web browser options to export the certificate to a .cer file.