App Control: How To Create An Alert For Communication Certificate Expiring
search cancel

App Control: How To Create An Alert For Communication Certificate Expiring

book

Article ID: 286603

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

To create an Alert to warn before the expiration of the Agent Communication Certificate.

Environment

  • App Control Console: All Supported Versions

Resolution

Beginning with Server 8.10.2 an Alert is included by default. If one does not exist the following steps can be used to recreate the Alert:
  1. Verify the Email Notifications for Alerts has been configured.
  2. Navigate to Tools > Alerts > Add Alert.
  3. Use the following details:
    • Alert Name: Agent Communication Certificate Expiring
    • Status: Enabled
    • Type: Event Alert
    • Trigger On: Event > Subtype > is:
      • SSL certificate expiring
      • or SLL certificate expired
    • Reminder Mail > Status: Enabled
    • Reminder Mail > Remind Every: 1 day(s)
  4. Click Create.

Additional Information

  • The Communication Certificate should always be replaced before the expiration to prevent Agent/Server communication issues.
  • The Reminder Mail will resend the Alert Email if the Alert has not been reset.
  • The following Shepherd Configs (https://ServerAddress/shepherd_config.php) are related to this Event:
    • CertificateExpirationCheckPeriodSeconds: How often to check for certificate expiration violation (Default hourly)
    • CertificateExpirationWarningEventDelay: How long in minutes between generating warning Events (Default 1 day)
    • CertificateExpirationWarningLastEventTime: Stores the time the Event was last generated
    • CertificateExpirationWarningTimeThresholdDays: How long before expiration for warning (Default 14)