Manually Import TrustedCertList.pem or Keychain.json Files
search cancel

Manually Import TrustedCertList.pem or Keychain.json Files

book

Article ID: 291735

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to manually import the TrustedCertList.pem and/or keychain.json files on an endpoint.

Environment

  • App Control Server: Version 8.7.0 and higher
  • App Control Windows Agent: Version 8.7.0 and higher
  • App Control macOS Agent: Version 8.9.2 and higher

Resolution

 Windows:

  1. Acquire the latest TrustedCertList.pem or keychain.json file from the Server's directory: \Bit9\Parity Server\hostpkg\
  2. Place the file somewhere on the endpoint, example: C:\Temp
  3. Issue the following commands in a command prompt:
    • Agent version 8.9.2+:
      cd "C:\Program Files (x86)\Bit9\Parity Agent"
      dascli password EnterGlobalPasswordHere
      dascli importservercertlist "C:\Temp\TrustedCertList.pem"
      dascli importkeychain "C:\Temp\keychain.json"
      dascli healthcheck
    • Agent versions 8.7.x - 8.9.0:
      cd "C:\Program Files (x86)\Bit9\Parity Agent"
      dascli password EnterGlobalPasswordHere
      dascli tamperprotect 0
      dascli importservercertlist "C:\Temp\TrustedCertList.pem"
      dascli importkeychain "C:\Temp\keychain.json"
      copy /y c:\temp\trustedcertlist.pem "C:\ProgramData\Bit9\Parity Agent"
      copy /y c:\temp\keychain.json "C:\ProgramData\Bit9\Parity Agent"
      dascli tamperprotect 1
      dascli healthcheck
  4. Verify there are no Health Check failures related to the Trusted Certificate List or the Keychain.

 macOS:

  1. Verify macOS Agent Key Pinning has been enabled.
  2. Acquire the latest TrustedCertList.pem or keychain.json file from the Server's directory: \Bit9\Parity Server\hostpkg\
  3. Place the file somewhere on the endpoint, example: /Users/<USR>/Downloads/
  4. Issue the following commands in Terminal:
    cd /applications/bit9/tools
    ./b9cli --password GlobalPassword
    ./b9cli --tamperprotect 0
    ./b9cli --importservercertlist "/Users/<USR>/Downloads/trustedcertlist.pem"
    ./b9cli --importkeychain "/Users/<USR>/Downloads/keychain.json"
    ./b9cli --tamperprotect 1
    ./b9cli --healthcheck
  5. Verify there are no Health Check failures related to the Trusted Certificate List or the Keychain.

Additional Information