App Control: Server Certificate List Has Been Stored But Has Been Determined to be Invalid
search cancel

App Control: Server Certificate List Has Been Stored But Has Been Determined to be Invalid

book

Article ID: 286616

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Large Quantity of healthcheck messages with ID 960. With the error:
    Severity[High]: Server certificate list has been stored but has been determined to be invalid during file transfer
  • Health Check errors on the current Server Certificate:
    Severity[High]: Untrusted server certificate. Issuer [<CNAME>], Serial Number [<SERIALNUMBER>]

     

Environment

  • App Control Agent: All Supported Versions
  • App Control Server: 8.7.0 - 8.8.2

Cause

The TrustedCertList.pem file is regenerated from the information in the database when the Server service starts. In some instances this file was generated with the certificates out of order.

Resolution

This issue was resolved with the release of Server version 8.8.4 (EP-15362). Upgrading to a recent Server release should prevent this from happening in the future.

    Additional Information

    • If this issue persists after the Server upgrade please verify Server Exclusions and open a case with Support.
    • The previous workaround was to do the following manual rebuild of the PEM file:
      1. Log in to the application server hosting the Console and stop the App Control Server service.
      2. Delete the following file:
        C:\Program Files (x86)\Bit9\Parity Server\Hostpkg\TrustedCertList.pem
      3. Start the App Control Server service.