Environment
- App Control Agent: All Supported Versions
- App Control Console: All Supported Versions
Symptoms
- Events similar to: Excessive certificate validation Time[5min 1sec]
- Extremely slow Agent initialization due to certificate validation failure
Cause
Agents running in an air-gapped (or otherwise Internet-limited) environment experience certificate validation failures, which in turn delay the initialization process.
Resolution
Additional Notes
- Checking certificates requires that queries be run over the Internet. In an offline environment, online revocation checking will never succeed.
- Online OCSP requests to check for revocation, while resource-expensive, are a critical piece that ensures the Agent has the most up-to-date validity information regarding the certificate in question.
- If a certificate is compromised and revoked by its author, it is critical that Agents are notified of this change in trust. Without it, new malicious files signed by the compromised certificate could be Approved.
- For an air-gapped environment, it is recommended to set up PKI such that Agents can trust the locally cached information on the endpoint, or to funnel requests through a network product that can do the caching and revocation checking on behalf of the endpoint without leaving the local network.