App Control: Why Is the Server Generating Alerts for Revoked Certificates?
Article ID: 286562
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Why is the Server generating Revoked Certificate Alerts similar to:
Server detected revocation of certificate 'ABC123'. Error: 04000025:CERT_TRUST_IS_NOT_TIME_VALID:CERT_TRUST_IS_REVOKED:CERT_TRUST_IS_UNTRUSTED_ROOT:CERT_TRUST_IS_EXPLICIT_DISTRUST
Environment
App Control Console: All Supported Versions
Resolution
The Built-in Revoked Certificate Alert (Tools > Alerts > Revoked Certificate Alert) has been Enabled. This Alert is designed to trigger when a Certificate Authority has revoked a Certificate that matches one in the environment.
Additional Information
Typically, a certificate is revoked because its encryption keys were compromised, because information in the certificate is inaccurate, or because the Certificate Owner is no longer deemed trusted.
In some instances customers configure this Alert so that they can take further action. This may include removing a Certificate Approval, or verifying that no new files signed with the Revoked Certificate exist in the environment.
The Alert can be configured to trigger only for specific Publishers (for example, "Apple, Inc").
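When triaging these alerts before taking further action, it helps to decode the error value in the message. The following is an added example, not part of this article or the product: it assumes the leading hex value (04000025 in the sample above) is the Windows CERT_TRUST_STATUS error bitmask from wincrypt.h, which is consistent with the four flag names listed after it. The names `decode_mask` and `parse_alert` are hypothetical.

```python
import re

# Subset of Windows CERT_TRUST_STATUS error bits (wincrypt.h).
# Assumption: the hex value in the alert text is this bitmask.
CERT_TRUST_ERRORS = {
    0x00000001: "CERT_TRUST_IS_NOT_TIME_VALID",
    0x00000004: "CERT_TRUST_IS_REVOKED",
    0x00000008: "CERT_TRUST_IS_NOT_SIGNATURE_VALID",
    0x00000020: "CERT_TRUST_IS_UNTRUSTED_ROOT",
    0x00000040: "CERT_TRUST_REVOCATION_STATUS_UNKNOWN",
    0x04000000: "CERT_TRUST_IS_EXPLICIT_DISTRUST",
}

ALERT_RE = re.compile(
    r"Server detected revocation of certificate '(?P<cert>[^']*)'\. "
    r"Error: (?P<code>[0-9A-Fa-f]{8})(?P<names>(?::[A-Z_]+)*)"
)

def decode_mask(mask):
    """Return (known flag names in bit order, leftover bits not in the table)."""
    names = [n for bit, n in sorted(CERT_TRUST_ERRORS.items()) if mask & bit]
    unknown = mask & ~sum(CERT_TRUST_ERRORS)  # bits are disjoint, so sum == OR
    return names, unknown

def parse_alert(line):
    """Parse one alert message; returns None if it is not a revocation alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    mask = int(m.group("code"), 16)
    decoded, unknown = decode_mask(mask)
    listed = [n for n in m.group("names").split(":") if n]
    return {
        "certificate": m.group("cert"),
        "mask": mask,
        "decoded": decoded,
        "unknown_bits": unknown,
        # True when the text names exactly the flags the bitmask encodes
        "consistent": unknown == 0 and set(listed) == set(decoded),
        # Revoked by the CA, as opposed to only expired or chained to an untrusted root
        "revoked": bool(mask & 0x00000004),
    }

# Constructed sample: the alert text quoted in this article
SAMPLE = ("Server detected revocation of certificate 'ABC123'. Error: 04000025:"
          "CERT_TRUST_IS_NOT_TIME_VALID:CERT_TRUST_IS_REVOKED:"
          "CERT_TRUST_IS_UNTRUSTED_ROOT:CERT_TRUST_IS_EXPLICIT_DISTRUST")

if __name__ == "__main__":
    print(parse_alert(SAMPLE))
```

A non-zero `unknown_bits` means the message carries a flag outside this subset and the table should be extended before relying on `consistent`.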