App Control: How to Check for the URL Address Used by Crypto API for CRL Validation
search cancel

App Control: How to Check for the URL Address Used by Crypto API for CRL Validation

book

Article ID: 291279

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Check for the URL address used by Crypto API for Certificate Revocation List (CRL) during certificate validation

Environment

  • App Control Server: All Supported Versions
  • Microsoft Windows: All Supported Versions

Resolution

Steps to find the specific URL Address:
  1. Right-click on the file signed by the publisher’s certificate
  2. Select Properties
  3. Go to Digital Signatures tab
  4. Select the signer and click Details
  5. Click View Certificates
  6. Go to Details tab
  7. The info that you need is in the "CRL Distribution Point"
To install a CRL obtained from the URL address:
  1. Obtain the CRL as a file from URL
  2. Go to the configuration page in the administration console
  3. Click the Certificates > Certificate Authorities tab
  4. Click the Install CRL button
  5. Enter the full path name to the associated file
  6. Click OK

Additional Information

  • The App Control agent calls on the Crypto API (crypt32) that’s part of the operating system to check the certificate used on the file
  • One of the items that need to be validated is the revocation status of the certificate using a URL address defined on the CRL Distribution Point of the certificate
  • Each certificate has different URL address