Package Generation Disabled Due To Missing Certificate
search cancel

Package Generation Disabled Due To Missing Certificate

book

Article ID: 286605

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Package Generation is disabled immediately after uploading new Agent Host Package Installer.
  • Air-gapped or otherwise limited Internet access.
  • ServerLog.bt9 entries similar to:
    (6516 PackageGeneration) SignatureQuery::ValidateCertificate: File[C:\Program Files (x86)\Bit9\Parity Server\hostpkg\ParityHostAgent.msi] did not pass verification Error[800B010A] Chain[0] Element[-1]
    (6516 PackageGeneration) SignatureQuery::ValidateCertificateOnFile: File[C:\Program Files (x86)\Bit9\Parity Server\hostpkg\ParityHostAgent.msi] did not match certificate Error[800B010A]
    (6516 PackageGeneration) TestParityHostFile certificate validation failed: 0x800B010A
    (6516 PackageGeneration) Deleted invalid host package file C:\Program Files (x86)\Bit9\Parity Server\hostpkg\ParityHostAgent.msi
    ...
    (6516 PackageGeneration) TestParityHostFile cannot open C:\Program Files (x86)\Bit9\Parity Server\hostpkg\ParityHostAgent.msi, error: 2
    (6516 PackageGeneration) HostGroupStorage::GenerateWindowsPackages: Host files not correctly signed, turning off package generation
    

Environment

  • App Control Server: 8.7.8+
  • Microsoft Windows Server: All Supported Versions

Cause

The application server is unable to validate necessary certificates against the remote Certificate Authority and the relevant Code Signing certificate is missing from Trusted Root Certification Authorities on the application server.

Resolution

  1. Login in to the application server as the Carbon Black Service Account.
  2. Download the attached "HPICertificates.zip"
  3. Extract & open each .cer file. Click Install Certificate.
  4. In the Import Wizard choose: Local Machine > Place all certificates in the following store > Browse > Trusted Root Certification Authorities > OK > Next > Finish.
  5. After the import completes for each certificate, execute the installer locally:
  6. Verify Package Generation remains Enabled.

Additional Information

  • If the certificates used for the Agent Installers changes in the future the process may need to be repeated.

Attachments

HPICertificates.zip get_app