App Control: Check Point File Analysis Returning "Could Not Establish Trust Relationship for the SSL/TLS Secure Channel"
search cancel

App Control: Check Point File Analysis Returning "Could Not Establish Trust Relationship for the SSL/TLS Secure Channel"

book

Article ID: 290593

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

After attempting to analyze files the error "The underlying connection was closed. Could not establish trust relationship for the SSL/TLS secure channel" is displayed in the Error column on the Analyzed Files page.

Environment

  • App Control Server: 8.x and Greater
  • Microsoft Windows Server: All Supported Versions
  • Check Point: All Supported Versions

Cause

After the inital 8.0.x release SSL/TLS certificate checks on file uploads are honored. Thus, certificates that are not trusted can cause the connector to fail. 

Resolution

  1. Navigate in a browser to https://YOURSERVER/Support.php
  2. Enable Server Diagnostics, with the Server and Reporter logging to High. Script and SQL collection not required.
  3. Once enabled, test the connection under the System Configuration (GEAR Icon) > Administration > Connectors page.
  4. Analyze a file.
  5. Log into the Cb Protection application server as the service account user.
  6. Confirm that the latest file analysis has failed.
  7. Navigate on the server to C:\Program Files (x86)\Bit9\Parity Server\Reporter and open the most recent ReporterLog.bt9 file. Scroll to the bottom and copy the full URL it's requesting.
  8. On the server, open the URL in Internet Explorer. You will likely see a certificate related error.
  9. Import your Check Point certificate into the computers Trusted Root Certification Authority using the MMC snap-in. Please note the Subject name of the certificate.
  10. Verify that you can ping the Subject name of the certificate.  If no routing is enabled, you can add it to your DNS or modify the server Host file to include the route.
  11. Navigate back to the System Configuration (GEAR Icon) > Administration > Connectors page, and make sure the Checkpoint File analysis IP matches the name found in your Check Point certificate.
  12. Restart the Cb Protection Reporter service. 

Additional Information

https://community.carbonblack.com/t5/Documentation-Downloads/Cb-Protection-v8-0-0-Supported-Integrations/ta-p/50338
 
Powered by Wolken Software