CB Response: All versions

"CbServerCert" is used to establish communication with the server from the sensors. 

"SensorClientCert" and "SensorClientKey" are for sensor identification, validation and group matching. 

From server version 6.4 CB Response introduced "TLS Certificate Management". This feature includes the following abilities: 

"1. Provide certificates that are signed by the user’s organization. 
2. Uses different server certificates to authenticate connections between the CB ResponseServer and various sensor groups. This reduces the exposure to a compromised server certificate. 
3. Adds stricter validation methods to certificate pinning, so that if a server certificate that is used by a sensor has expired or fails to meet other operating-system-specific criteria,server-sensor communication is disabled." 

Please check Page 121 on https://community.carbonblack.com/t5/Documentation-Downloads/CB-Response-6-4-0-User-Guide/ta-p/74749 for more information.