Manually Import TrustedCertList.pem or Keychain.json Files
book
Article ID: 291735
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Steps to manually import the TrustedCertList.pem and/or keychain.json files on an endpoint.
Environment
- App Control Server: Version 8.7.0 and higher
- App Control Windows Agent: Version 8.7.0 and higher
- App Control macOS Agent: Version 8.9.2 and higher
Resolution
Windows:
- Acquire the latest TrustedCertList.pem or keychain.json file from the Server's directory: \Bit9\Parity Server\hostpkg\
- Place the file somewhere on the endpoint, example: C:\Temp
- Issue the following commands in a command prompt:
- Agent version 8.9.2+:
cd "C:\Program Files (x86)\Bit9\Parity Agent"
dascli password EnterGlobalPasswordHere
dascli importservercertlist "C:\Temp\TrustedCertList.pem"
dascli importkeychain "C:\Temp\keychain.json"
dascli healthcheck
- Agent versions 8.7.x - 8.9.0:
cd "C:\Program Files (x86)\Bit9\Parity Agent"
dascli password EnterGlobalPasswordHere
dascli tamperprotect 0
dascli importservercertlist "C:\Temp\TrustedCertList.pem"
dascli importkeychain "C:\Temp\keychain.json"
copy /y c:\temp\trustedcertlist.pem "C:\ProgramData\Bit9\Parity Agent"
copy /y c:\temp\keychain.json "C:\ProgramData\Bit9\Parity Agent"
dascli tamperprotect 1
dascli healthcheck
- Verify there are no Health Check failures related to the Trusted Certificate List or the Keychain.
macOS:
- Verify macOS Agent Key Pinning has been enabled.
- Acquire the latest TrustedCertList.pem or keychain.json file from the Server's directory: \Bit9\Parity Server\hostpkg\
- Place the file somewhere on the endpoint, example: /Users/<USR>/Downloads/
- Issue the following commands in Terminal:
cd /applications/bit9/tools
./b9cli --password GlobalPassword
./b9cli --tamperprotect 0
./b9cli --importservercertlist "/Users/<USR>/Downloads/trustedcertlist.pem"
./b9cli --importkeychain "/Users/<USR>/Downloads/keychain.json"
./b9cli --tamperprotect 1
./b9cli --healthcheck
- Verify there are no Health Check failures related to the Trusted Certificate List or the Keychain.
Feedback
thumb_up
Yes
thumb_down
No