• Agent Health Checks are failing with FailureId[970]: 

  Carbon Black App Control Agent is missing a trusted certlist file.

• App Control Agent: 8.7 and Higher
• App Control Server: 8.7 and Higher

The TrustedCertList.pem file is created on the application server hosting the App Control Server in the default directory: "C:\Program Files (x86)\Bit9\Parity Server\hostpkg"

1. Verify the Resource Download Location in System Configuration > Advanced is still accurate, and contains the necessary files.
2. Verify the certificate used for the RDL matches a certificate listed as Trusted in the Console > System Configuration > Security > Trusted Communication Certificates.
   • If necessary, the current Agent Communication Certificate can be exported and used in IIS. Export the existing Agent Communication Certificate.
   • If necessary, a new certificate can be imported to the Trusted Communication Certificates list.
   • If the Trusted Communication Certificates list is missing, enable it.
3. Verify the required ports for App Control are available to the Server Address. By default these are 41002 and 443.
4. Test if the file can be downloaded from an endpoint using the RDL (Step 1):

   Example: https://ServerAddress/hostpkg/pkg.php?pkg=TrustedCertList.pem

5. If the issue persists the TrustedCertList.pem may need to be manually imported.