• Agent Health Checks are failing with FailureId[970]: 

Carbon Black App Control Agent is missing a trusted certlist file.

• Agent Health checks are failing with FailureId[960]: 

Server certificate list has been stored but has been determined to be invalid.

The "TrustedCertList.pem" file is created on the application server hosting the App Control Server in the default directory:

C:\Program Files (x86)\Bit9\Parity Server\hostpkg

1. Verify the Resource Download Location (RDL) in System Configuration > Advanced is still accurate and contains the necessary files.
2. Verify the certificate used for the URL address of the RDL matches one of the certificates listed in the console:

 System Configuration page > Security tab > Trusted Communication Certificates

1. • If missing, export the existing trusted certificate and import it to the Trusted Communication Certificates list
   • If necessary, the current Trusted Certificate can be imported and used for the RDL in the IIS manager
   • If the Trusted Communication Certificates panel is missing on the page, enable it
2. Verify the required ports for App Control are available to the Server Address. By default these are 41002 and 443.
3. Test if the file can be downloaded from an endpoint using the URL address of the RDL without errors:

   Example: https://ServerAddress/hostpkg/pkg.php?pkg=TrustedCertList.pem

4. If the issue persists the TrustedCertList.pem may need to be manually imported.