Export and Import a Self-Signed Certificate for Disconnected Devices
search cancel

Export and Import a Self-Signed Certificate for Disconnected Devices


Article ID: 286619


Updated On:


Carbon Black App Control (formerly Cb Protection)


To export, and import a self signed agent communication certificate.


  • App Control Agent: All Supported Versions
  • App Control Server: All Supported Versions
  • Microsoft Windows: All Supported Versions


Exporting from the App Control Server:

Note: If using a certificate generated from an internal CA, there is no need to export it from the server.

  1. Log in to the application server hosting the App Control Server as the Carbon Black Service Account.
  2. Click Start > Run > certlm.msc > OK.
  3. In the left-hand pane expand: Trusted People > Certificates.
  4. Right click the relevant Certificate in the right-hand pane and choose: All Tasks > Export.
  5. Do not export the Private Key, and save as a .CER file.

Importing the certificate on the endpoint:

  1. Transfer the certificate to the device > right click > Install Certificate.
  2. Local Machine > Next > Place all certificates in the following store > Browse.
  3. Trusted People > Ok > Next > Finish.

Additional Information

Importing of the certificate can also be pushed through Group Policy, by applying it to the Trusted Root Certification Authority