App Control: How to Disable Certificate Revocation Check for Outbound Verification


Article ID: 289058


Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to stop certificate revocation checks from contacting external sources for verification.

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions

Resolution

  1. On the App Control Console, click the Configuration (Gear) icon
  2. Click on the System Configuration page > Advanced Options tab
  3. Scroll down to the Certificate Options panel at the bottom
    1. Find the option for 'Background Revocation Check' 
    2. For each of the revocation settings, there are three possible values: 
      • Network – If revocation information is not locally available then use the network to retrieve the revocation status of a certificate
      • Cache – Use locally available revocation status information when performing certificate revocation (the network will not be used)
      • None – Do not perform certificate revocation checking

Additional Information

  • Please keep in mind that certificate revocation is typically used in instances where the private signing key is lost or compromised. With this option disabled, users will not be notified if a key is revoked.
  • 'Background Revocation Check' determines whether, and if so how, a certificate revocation check is performed in the background every 24 hours.
  • It is possible to see TCP port 443 traffic to external IP addresses from the parity.exe process when it validates certificates.
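
To confirm on an endpoint whether parity.exe still opens TCP 443 connections to external addresses after the setting is changed, the following added example (not code from the vendor or the product) polls the connection table and records each external peer once. The sampling window and interval are hypothetical values, and the private-range filter assumes your App Control server and proxies sit on RFC 1918 or local addresses.

```powershell
# Added example (not vendor code). Assumes: Windows endpoint, App Control agent
# running as parity.exe (named in the article). Window/interval are hypothetical.
$DurationSeconds = 300
$IntervalSeconds = 2

function Test-ExternalAddress {
    param([string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ([System.Net.IPAddress]::IsLoopback($ip)) { return $false }
    if ($ip.AddressFamily -ne 'InterNetwork') {
        # IPv6: skip link-local (fe80::/10) and unique-local (fc00::/7) addresses
        $first = $ip.GetAddressBytes()[0]
        return -not ($ip.IsIPv6LinkLocal -or (($first -band 0xFE) -eq 0xFC))
    }
    $b = $ip.GetAddressBytes()
    $private = ($b[0] -eq 10) -or
               ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
               ($b[0] -eq 192 -and $b[1] -eq 168) -or
               ($b[0] -eq 169 -and $b[1] -eq 254)
    return -not $private
}

# Stop with an error if the agent process is not running on this machine
$agentIds = @((Get-Process -Name 'parity' -ErrorAction Stop).Id)
$seen = @{}
$deadline = (Get-Date).AddSeconds($DurationSeconds)

while ((Get-Date) -lt $deadline) {
    $conns = Get-NetTCPConnection -RemotePort 443 -ErrorAction SilentlyContinue |
        Where-Object { $agentIds -contains $_.OwningProcess -and
                       (Test-ExternalAddress $_.RemoteAddress) }
    foreach ($c in $conns) {
        if (-not $seen.ContainsKey($c.RemoteAddress)) {
            $seen[$c.RemoteAddress] = [pscustomobject]@{
                FirstSeen     = Get-Date
                RemoteAddress = $c.RemoteAddress
                State         = $c.State
                ProcessId     = $c.OwningProcess
            }
        }
    }
    Start-Sleep -Seconds $IntervalSeconds
}

if ($seen.Count -eq 0) {
    "No outbound TCP 443 connections from parity.exe to external addresses were observed."
} else {
    $seen.Values | Sort-Object FirstSeen | Format-Table -AutoSize
}
```

Polling can miss connections that open and close between samples, and the background check runs only every 24 hours, so an empty result over a short window is not proof that the agent never reaches out. For a definitive answer, compare against firewall or proxy logs over at least one full day.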