How to Recover The cb-server Legacy Certificate When Overwritten

Article ID: 369951

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

The legacy self-signed certificate and key in /etc/cb/certs/ were overwritten, causing sensors to go offline.

Environment

  • EDR Server: All Supported Versions

Cause

The server is denying the handshake from the sensors due to mismatched certificates.

Resolution

  1. Verify that the thumbprints in these two outputs do not match
    psql -p 5002 cb -x -c "select thumbprint from server_certs where name = 'Legacy';"
    openssl x509 -in /etc/cb/certs/cb-server.crt -fingerprint -sha1 | grep 'SHA'
  2. If they do not match, the files can be regenerated with these commands
    psql -p 5002 cb -X -A -w -t -c "select x509_cert from server_certs where name = 'Legacy';" -o /etc/cb/certs/cb-server.crt
    psql -p 5002 cb -X -A -w -t -c "select private_key from server_certs where name = 'Legacy';" -o /etc/cb/certs/cb-server.key
  3. Verify the recreated certificates are valid
    openssl x509 -text -noout -in /etc/cb/certs/cb-server.crt
    openssl rsa -in /etc/cb/certs/cb-server.key -check
  4. Restart the services
    Standalone:
    /usr/share/cb/cbservice cb-enterprise restart
    
    Cluster:
    /usr/share/cb/cbcluster stop && /usr/share/cb/cbcluster start
  5. For clustered instances, if the cb-server.crt/key were replaced on the minions as well, they will need to be synced
    /usr/share/cb/cbcluster sync-certs
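
The checks in steps 1 and 3 can be scripted so the comparison does not depend on reading two differently formatted outputs by eye. The script below is an added example, not vendor-supplied code; it assumes the thumbprint column holds the SHA-1 digest as hex text, and it goes one step beyond step 3 by also confirming that the restored key belongs to the restored certificate. The function names are hypothetical.

```sh
#!/bin/sh
# Added example, not vendor code. Paths and psql flags are the article's own.
# Assumption: server_certs.thumbprint holds the SHA-1 digest as hex text;
# separators and letter case are normalized away before comparing.
CERT=${CERT:-/etc/cb/certs/cb-server.crt}
KEY=${KEY:-/etc/cb/certs/cb-server.key}

# Reduce "SHA1 Fingerprint=AA:BB:..." or a bare hex string to lowercase hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n\r' | tr 'A-F' 'a-f'
}

# Succeed only when both values are the same 40-hex-digit SHA-1 thumbprint.
thumbprints_match() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case $a in *[!0-9a-f]*) return 1 ;; esac
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# Succeed only when the private key carries the certificate's public key.
# Comparing the PEM text avoids a false match when both commands fail.
cert_key_match() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Steps 1 and 3 combined: 0 = consistent, 1 = mismatch, 2 = a command failed.
check_legacy_cert() {
    db_fp=$(psql -p 5002 cb -X -A -w -t -c \
        "select thumbprint from server_certs where name = 'Legacy';") || return 2
    file_fp=$(openssl x509 -in "$CERT" -noout -fingerprint -sha1) || return 2
    if ! thumbprints_match "$db_fp" "$file_fp"; then
        echo "MISMATCH: $CERT is not the Legacy certificate stored in the database"
        return 1
    fi
    if ! cert_key_match "$CERT" "$KEY"; then
        echo "MISMATCH: $KEY is not the private key for $CERT"
        return 1
    fi
    echo "OK: certificate matches the database and the key matches the certificate"
}

# Run the check only when invoked with --run, e.g. sh check.sh --run
if [ "${1:-}" = "--run" ]; then check_legacy_cert; fi
```

After step 2, also confirm that the owner and mode of cb-server.key still match the other files in /etc/cb/certs/, because psql -o creates a missing output file using the caller's umask.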