EDR: What is Strict Certificate Validation?
Article ID: 288011
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
What is Strict Certificate Validation?
Environment
- EDR Console: 6.4.0 and Higher
Resolution
Strict Certificate Validation will check against the normal certificate pinning used by the legacy certificate per normal operations, added with that it will check for expiration date. Windows sensors will also check for cert chain validation, hostname (SAN) and key usage.
Additional Information
- This feature should only be used for custom CA certificates
- Setting Strict Certificate Validation on legacy certificates will cause sensors to go offline
- This is a global feature, setting this will affect all sensor groups regardless of certificate assigned to the groups
- Only Global Administrators will be able to enable this feature
- Windows XP, Windows Vista, and Server 2003 do not support TLS certificate swap
- Linux sensors support CA certificates as of sensor version 6.3.0 and sever version 7.1.0. Earlier versions will use the default legacy certificate
- macOS sensors support CA certificates as of sensor version 6.2.5 and sever version 6.4.0 Earlier versions will use the default legacy certificate
Feedback
Yes
No
Powered by
