The Certificate Installer is designed to instruct your agents to trust software signed with the new VMware Carbon Black certificate. Otherwise, when a future agent host package installer or rules installer is signed with that certificate, it may be blocked from installation.
Instructions for use for CB App Control version 8.1.6 and Above
The Certificate installer is a self-extracting zip. It can be uploaded to the server using the "Update Agent/Rule Versions" page in the console, the same way agent host packages are installed. It will then be automatically placed into a specific directory where the CB App Control Reporter service will detect it and execute the zip. It is also possible to move it to the server directly and run it, but the upload page is the recommended method.
Who needs to use the Certificate installer?
Customers who do not have their server connected to the internet and are running server versions:
8.7.6 and below, 8.8.0-8.8.4, 8.9.0-8.9.2 – The 2023 Certificates need to be added to support installing the upcoming rules and host Package installers.
Certificate installer can be uploaded to the server using the "Update Agent/Rule
Versions" page in the console. OR
Certificate installer can be run manually on the system
Not necessary to use the Certificate installer:
Customers who have their server connected to the internet, or are running server versions 8.7.8, 8.8.6, 8.9.4, and above:
The signing certificates will be validated successfully with an internet connection, so the certificate installer is not needed. Additionally, the new 2023 Certificates are included with the server versions listed and thus even without an internet connection we will be able to internally validate them. Therefore It is not necessary to use the Certificate installer for your rules and agents to be installed.
The certificate installer (whether run via the upload page or executed manually) will create a log file in %temp%\. If the installation is successful the file is copied to C:\Program Files (x86)\Bit9\Parity Server\Support\.
The file will be named something like this: CertificateInstaller-2023-02-21-152654.log
Every time it is run, a unique file name will be generated, so you don't have to worry about overwriting one and losing it.
If the Upload Fails?
Check the error log for more details
If the error code is 0, check the windows logs and procmon. In one example, it turned out Windows Defender was deleting the installer pretty much instantly. It could be Windows Defender or another AV product.
Value: 0: There is no error, the file uploaded with success.
Value: 1: The uploaded file exceeds the upload_max_filesize directive in php.ini.
Value: 2: The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.
Value: 3: The uploaded file was only partially uploaded.
UPLOAD_ERR_NO_FILE Value: 4: No file was uploaded.
Value: 6: Missing a temporary folder.
Value: 7: Failed to write file to disk.
Value: 8: A PHP extension stopped the file upload. PHP does not provide a way to ascertain which extension caused the file upload to stop; examining the list of loaded extensions with phpinfo() may help.
What If the Install Fails?
Check php error log
Turn up server logging and check server log
Instructions for use for CB App Control version 8.1.4
The certificate installer utility cannot be uploaded to the server using the “Update Agent/Rule Versions” page in version 8.1.4. It is possible to move it to the server directly and run it. Alternatively, customers running version 8.1.4 may run the SQL script provided instead of using the method above.