FailureId[990] Untrusted Server Certificate Issuer

Article ID: 286556

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Agent Disconnected
  • Trace.bt9 shows errors like:
    2024-05-20T12:53:21-03:00 130744301 (0EA0) - HealthCheckContext::AddFailure: Health Check Failure Severity[Medium]: Failed to download Server Cert List file from URL [https://<ServerURLHere>/hostpkg/pkg.php?pkg=TrustedCertList.pem]: Error[WinHttpSendRequest Error[12175:]]
    2024-05-20T12:53:21-03:00 130744301 (0EA0) - Event String[2637] Subtype[447] Params[Failed to download Server Cert List file from URL [https://<ServerURLHere>/hostpkg/pkg.php?pkg=TrustedCertList.pem]: Error[WinHttpSendRequest Error[12175:]]][Options[00000003] TotalFailures[7]][961] File[] Process[ (4294967295)] User[] CLVer[156157] RuleId[0] CalculatedTime[133605651641390607] State[00000000]
    2024-05-20T12:53:21-03:00 130744302 (0EA0) - HealthCheckContext::AddFailure: Health Check Failure Severity[High]: Untrusted server certificate. Issuer [<IssuerHere>], Serial Number [<SerialNumberHere>]
    2024-05-20T12:53:21-03:00 130744302 (0EA0) - Event String[2637] Subtype[447] Params[Untrusted server certificate. Issuer [<IssuerHere>], Serial Number [SerialNumberHere]][Options[00000003] TotalFailures[8]][990] File[] Process[ (4294967295)] User[] CLVer[156157] RuleId[0] CalculatedTime[133605651641395727] State[00000000]
  • Agent is failing Health Checks with:
    Carbon Black App Control Agent detected a problem: Untrusted server certificate Issuer [CERTIFICATE AUTHORITY], Serial Number [SERIAL] .... FailureId[990]

Environment

  • App Control Server: All Supported Versions
  • App Control Agent: All Supported Versions

Cause

  • The App Control Server certificate currently in use is not in the Trusted Communication Certificates list.
  • The certificate is not trusted by the OS.

Resolution

  1. Log in to the Console and navigate to System Configuration > Security.
  2. Compare the Thumbprint listed in the Current Server Certificate Details against those listed in the Trusted Communication Certificates.
  3. If still experiencing issues, confirm the certificate listed in the error is in the local certificate store of the device experiencing the issue. 
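
The checks in steps 2 and 3 can also be made from the affected endpoint. The following PowerShell script is an added example, not vendor-supplied code: it reads the certificate the endpoint actually receives, reports its thumbprint, issuer and serial number, and looks for it in the local machine certificate stores. It assumes the server answers TLS on port 41002 (the port named under Additional Information); the `-Server` value is a placeholder for your App Control Server host name.

```powershell
# Added example (not vendor code). Run on the endpoint that reports FailureId[990].
param(
    [Parameter(Mandatory)][string]$Server,  # placeholder: App Control Server host name
    [int]$Port = 41002                      # assumption: port named in this article
)

$tcp = [System.Net.Sockets.TcpClient]::new()
$ssl = $null
try {
    $tcp.Connect($Server, $Port)
    # Accept whatever is presented so an untrusted certificate can still be inspected.
    # Only the TLS handshake runs; no application data is sent on this stream.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($Server)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}

# Does the operating system trust this certificate? Revocation is skipped so the
# result reflects only whether a chain to a trusted root can be built.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$trustedByOs = $chain.Build($cert)

# Step 3: is the certificate from the error present in a local machine store?
# Store containers have no SerialNumber property, so the filter skips them.
$inStore = Get-ChildItem Cert:\LocalMachine -Recurse |
    Where-Object { $_.SerialNumber -eq $cert.SerialNumber -and $_.Thumbprint -eq $cert.Thumbprint }

[pscustomobject]@{
    Subject       = $cert.Subject
    Issuer        = $cert.Issuer        # compare with Issuer [...] in Trace.bt9
    SerialNumber  = $cert.SerialNumber  # compare with Serial Number [...] in Trace.bt9
    Thumbprint    = $cert.Thumbprint    # compare with the Console values from step 2
    NotAfter      = $cert.NotAfter
    TrustedByOS   = $trustedByOs
    ChainStatus   = ($chain.ChainStatus.Status -join ', ')
    FoundInStores = (($inStore.PSParentPath -replace '^.*::', '') -join ', ')
} | Format-List
```

If the Thumbprint reported here differs from the one the Console shows for the current server certificate, the endpoint is not receiving the server's own certificate, which is the situation the SSL Inspection note describes.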

Additional Information

  • SSL Inspection on port 41002 can prevent an otherwise Trusted Certificate from being validated against the App Control Server.
  • If the Trusted Communication Certificates list is not visible, refer to:
  • If the issue persists, please open a case with Support.