Carbon Black Cloud: Sensors unable to communicate after registration when Proxy/Firewall inserts its own certificate
Article ID: 290341
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- Sensor able to register with Cloud
- No subsequent Events are found for Sensor
- Last Check-In remains close to Registration date and time
- Packet capture (pcap from Wireshark or similar) at or after install shows Unknown CA
- Transport Layer Security in pcap shows certificate from Proxy/Firewall provider instead of *.conferdeploy.net
Environment
- Carbon Black Cloud Console: All Versions
- Audit & remediation (was CB LiveOps)
- Endpoint Standard (was CB Defense)
- Enterprise EDR (was CB ThreatHunter)
- Carbon Black Cloud Sensor: All Versions
- Linux: All Supported Versions
- macOS: All Supported Versions
- Microsoft Windows: All Supported Versions
Cause
Proxy/Firewall is inserting its own Certificate, causing communications between Sensor and Cloud to fail
Resolution
One or both of the options below may be done, depending on the configurability of the Proxy/Firewall
- Change configuration of Proxy/Firewall to prevent insertion of its own Certificates for *.conferdeploy.net
- Export the Certificate from the Carbon Black Cloud Dashboard and import into Proxy/Firewall
Additional Information
For guidance on configuration changes specific to a given Proxy/Firewall, please reach out to the vendor of the Proxy/Firewall
Feedback
Yes
No
Powered by
