Windows:

1. Acquire the latest TrustedCertList.pem or keychain.json file from the Server's directory: \Bit9\Parity Server\hostpkg\
2. Place the file somewhere on the endpoint, example: C:\Temp
3. Issue the following commands in a command prompt:
   • Agent version 8.9.2+:

     cd "C:\Program Files (x86)\Bit9\Parity Agent"
     dascli password EnterGlobalPasswordHere
     dascli importservercertlist "C:\Temp\TrustedCertList.pem"
     dascli importkeychain "C:\Temp\keychain.json"
     dascli healthcheck

   • Agent versions 8.7.x - 8.9.0:

     cd "C:\Program Files (x86)\Bit9\Parity Agent"
     dascli password EnterGlobalPasswordHere
     dascli tamperprotect 0
     dascli importservercertlist "C:\Temp\TrustedCertList.pem"
     dascli importkeychain "C:\Temp\keychain.json"
     copy /y c:\temp\trustedcertlist.pem "C:\ProgramData\Bit9\Parity Agent"
     copy /y c:\temp\keychain.json "C:\ProgramData\Bit9\Parity Agent"
     dascli tamperprotect 1
     dascli healthcheck

4. Verify there are no Health Check failures related to the Trusted Certificate List or the Keychain.

 macOS:

1. Verify macOS Agent Key Pinning has been enabled.
2. Acquire the latest TrustedCertList.pem or keychain.json file from the Server's directory: \Bit9\Parity Server\hostpkg\
3. Place the file somewhere on the endpoint, example: /Users/<USR>/Downloads/
4. Issue the following commands in Terminal:
   

   cd /applications/bit9/tools
   ./b9cli --password GlobalPassword
   ./b9cli --tamperprotect 0
   ./b9cli --importservercertlist "/Users/<USR>/Downloads/trustedcertlist.pem"
   ./b9cli --importkeychain "/Users/<USR>/Downloads/keychain.json"
   ./b9cli --tamperprotect 1
   ./b9cli --healthcheck

5. Verify there are no Health Check failures related to the Trusted Certificate List or the Keychain.