App Control: Server Certificate List Has Been Stored But Has Been Determined to be Invalid
book
Article ID: 286616
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Large Quantity of healthcheck messages with ID 960. With the error:
Severity[High]: Server certificate list has been stored but has been determined to be invalid during file transfer
Health Check errors on the current Server Certificate:
Severity[High]: Untrusted server certificate. Issuer [<CNAME>], Serial Number [<SERIALNUMBER>]
Environment
App Control Agent: All Supported Versions
App Control Server: 8.7.0 - 8.8.2
Cause
The TrustedCertList.pem file is regenerated from the information in the database when the Server service starts. In some instances this file was generated with the certificates out of order.
Resolution
This issue was resolved with the release of Server version 8.8.4 (EP-15362). Upgrading to a recent Server release should prevent this from happening in the future.
Additional Information
If this issue persists after the Server upgrade please verify Server Exclusions and open a case with Support.
The previous workaround was to do the following manual rebuild of the PEM file:
Log in to the application server hosting the Console and stop the App Control Server service.