App Control: Publisher Block Due to MinKeyLength Less Than 512
search cancel

App Control: Publisher Block Due to MinKeyLength Less Than 512

book

Article ID: 286657

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Publisher block with error: (IneligibleForApproval: ChainIdx[1] CertId[ # ] MinKeyLength[512] Actual[256])]
  • File is using an ECC (Elliptic Curve Cryptography) certificate

Environment

  • App Control Console: 8.0.0 - 8.9.6
  • App Control Agent: 8.0.0 - 8.9.0
  • Microsoft Windows: All Supported Versions

Cause

Agent is not expecting a certificate type with a MinKeyLength of less than 512.

Resolution

Enhancements in both Server 8.10.0 (EP-14539) and Agent 8.9.2 (EP-17727) introduce support for varying algorithms and certificate key sizes. Upgrading to these versions (or higher) will permanently resolve this issue.
  • RSA and ECC Certificate Key Size settings are managed via System Configuration > Advanced Options > Certificate Options.
  • Agent support for these settings was introduced with the release of Agent 8.9.2.

Additional Information