Carbon Black Workload Appliance and Sensor Gateway Appliance OVA Installation wizards show certificate expired warning
Article ID: 424627
Updated On:
Products
Issue/Introduction
During deployment of the Carbon Black Cloud Workload Protection Appliance (OVA) or Sensor Gateway Appliance, a warning is displayed indicating that the OVA certificate has expired.
The deployment UI shows the certificate as expired as of 3rd January 2026, which may cause concern about the validity or security of the appliance.
The screenshots below show the certificate expiry warning in the installation wizard
Environment
CWP 1.3.0, 1.3.1, SGW 1.2.2
Cause
The warning is triggered because the digital signing certificate embedded in the OVA package has expired. This certificate is validated by the hypervisor during OVA deployment to verify the package signature. However, the certificate is only used for integrity verification at deployment time and is not used for runtime operation, communication, or product licensing.
As a result, the expired certificate does not impact:
- Appliance functionality
- Connectivity to Carbon Black Cloud
- Feature availability or subscriptions
Resolution
Workaround:
Ignore the certificate expiration warning and proceed with the deployment.
The warning is cosmetic and informational.
The appliance deploys and operates normally.
Carbon Black Cloud licensing and functionality are not affected.
Permanent Fix (In Progress):
We are actively working on releasing OVA packages signed with a valid certificate.
The updated OVAs will remove the certificate expiration warning during deployment.
Customers will be able to deploy the new OVA once it becomes available.
Feedback
