App Control: Publisher Block Due to MinKeyLength Less Than 512
Article ID: 286657
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
- Publisher block with error: (IneligibleForApproval: ChainIdx[1] CertId[ # ] MinKeyLength[512] Actual[256])]
- File is using an ECC (Elliptic Curve Cryptography) certificate
Environment
- App Control Console: 8.0.0 - 8.9.6
- App Control Agent: 8.0.0 - 8.9.0
- Microsoft Windows: All Supported Versions
Cause
Agent is not expecting a certificate type with a MinKeyLength of less than 512.
Resolution
Enhancements in both Server 8.10.0 (EP-14539) and Agent 8.9.2 (EP-17727) introduce support for varying algorithms and certificate key sizes. Upgrading to these versions (or higher) will permanently resolve this issue.
- RSA and ECC Certificate Key Size settings are managed via System Configuration > Advanced Options > Certificate Options.
- Agent support for these settings was introduced with the release of Agent 8.9.2.
Additional Information
- An alternative Approval Method (Hash Approval, Custom Rule, etc) will be required until upgrades are complete.
- Some certificate types have different key lengths based on how they were designed
- Additional information on Elliptic Curve Cryptography certificate can be found here
Feedback
Yes
No
Powered by
