App Control: Agent Missing or Invalid Trusted Certlist File Health Check Errors



Article ID: 288704


Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Agent Health Checks are failing with FailureId[960]: Server certificate list has been stored but has been determined to be invalid.
  • Agent Health Checks are failing with FailureId[970]: Carbon Black App Control Agent is missing a trusted certlist file.

Environment

  • App Control Agent: 8.7 and Higher
  • App Control Server: 8.7 and Higher

Cause

The agent is unable to download the TrustedCertList.pem file from the Resource Download Location (RDL).

Resolution

The TrustedCertList.pem file is created on the application server hosting the App Control Server in the default directory: "C:\Program Files (x86)\Bit9\Parity Server\hostpkg"
  1. Verify the Resource Download Location in System Configuration > Advanced is still accurate, and contains the necessary files.
  2. Verify the certificate used for the RDL matches a certificate listed as Trusted in the Console > System Configuration > Security > Trusted Communication Certificates.
  3. Verify the required ports for App Control are available to the Server Address. By default these are 41002 and 443.
  4. Test whether the file can be downloaded from an endpoint using the RDL from Step 1. Example: https://ServerAddress/hostpkg/pkg.php?pkg=TrustedCertList.pem
  5. If the file cannot be downloaded from an endpoint, the necessary ports will need to be opened on the firewall.
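
Steps 3 and 4 can be run from an affected Windows endpoint as one PowerShell check. This is an added example, not vendor-supplied code; `ServerAddress` is the placeholder from the example URL above, and the parsing step assumes the file holds standard PEM certificate blocks, as its extension suggests.

```powershell
# Added example, not vendor code. 'ServerAddress' is a placeholder: set it to the
# host name used in your Resource Download Location.
$ServerAddress = 'ServerAddress'
$Ports         = 41002, 443     # default App Control ports named in step 3
$Url           = "https://$ServerAddress/hostpkg/pkg.php?pkg=TrustedCertList.pem"
$OutFile       = Join-Path $env:TEMP 'TrustedCertList.pem'

# Step 3: confirm each required port accepts a TCP connection from this endpoint.
foreach ($port in $Ports) {
    $r = Test-NetConnection -ComputerName $ServerAddress -Port $port -WarningAction SilentlyContinue
    '{0}:{1} reachable = {2}' -f $ServerAddress, $port, $r.TcpTestSucceeded
}

# Step 4: download the file over HTTPS. TLS validation stays enabled, so a
# certificate problem on the RDL surfaces here as an error instead of being hidden.
try {
    Invoke-WebRequest -Uri $Url -OutFile $OutFile -UseBasicParsing -ErrorAction Stop
} catch {
    Write-Warning "Download failed: $($_.Exception.Message)"
    return
}

# Sanity check (assumption: the file is a list of PEM CERTIFICATE blocks).
# An HTML error page or an empty file would otherwise look like a successful download.
$pem    = [string](Get-Content -Path $OutFile -Raw)
$blocks = [regex]::Matches($pem, '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----')
if ($blocks.Count -eq 0) {
    Write-Warning "No PEM certificate blocks found in $OutFile"
    return
}
foreach ($b in $blocks) {
    try {
        # Strip line breaks, decode the base64 body, and let .NET parse the DER.
        $der  = [Convert]::FromBase64String(($b.Groups[1].Value -replace '\s', ''))
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
        '{0}  expires {1:u}  thumbprint {2}' -f $cert.Subject, $cert.NotAfter, $cert.Thumbprint
    } catch {
        Write-Warning "Unparseable certificate block: $($_.Exception.Message)"
    }
}
```

A port that reports unreachable points to step 5; a TLS or HTTP error with both ports reachable points back to steps 1 and 2.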