Environment
- App Control Server: All Supported Versions
- Microsoft Windows: All Supported Versions
Symptoms
- Publisher block with error: (IneligibleForApproval: ChainIdx[1] CertId[ # ] MinKeyLength[512] Actual[256])]
- File is using an EC 256-bit certificate
Cause
The Agent does not expect a certificate type with a key length below its MinKeyLength of 512, so the 256-bit EC certificate is ineligible for approval.
Resolution
- Log in to the App Control Console.
- Navigate to: https://ServerAddress/agent_config.php
- Click Show Filters > Add filter > Value > contains: minimum_cert_key_size > Apply
- Click Edit (pencil icon) next to the resulting Agent Config.
- Change the Value to: minimum_cert_key_size=256
- Click Save
NOTE: This will change the required minimum key length for all certificates, regardless of the type. Please consider the overall security posture and whether a Custom Rule would work in place of the Publisher Approval.
Additional Notes
- Some certificate types have different key lengths based on how they were designed.
- Some certificate types may be more secure with shorter keys, but confirm before making these changes.
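
Before lowering minimum_cert_key_size, it helps to confirm which certificate in the signer chain is below the threshold and that it is an EC key rather than a short RSA key. The following PowerShell script is an added example, not part of the original article or the vendor's tooling; it uses standard .NET certificate APIs, the script name in the usage note is hypothetical, and it is an assumption that its chain index (0 = signer) corresponds to ChainIdx in the agent's message.

```powershell
# Added example (not vendor code). Reports the public-key algorithm and size
# of every certificate in a file's Authenticode signer chain.
param(
    [Parameter(Mandatory)] [string] $Path,  # signed file that was blocked
    [int] $MinKeyLength = 512               # MinKeyLength[...] from the error
)

$ErrorActionPreference = 'Stop'

$sig = Get-AuthenticodeSignature -FilePath $Path
if ($null -eq $sig.SignerCertificate) {
    throw "No Authenticode signer certificate found in '$Path'."
}

# Build the chain without revocation lookups; only key properties are needed.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
[void] $chain.Build($sig.SignerCertificate)

$index = 0
foreach ($element in $chain.ChainElements) {
    $cert = $element.Certificate

    # Each helper returns $null when the certificate holds a different key type.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $ec  = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPublicKey($cert)

    if     ($null -ne $rsa) { $alg = 'RSA';   $bits = $rsa.KeySize }
    elseif ($null -ne $ec)  { $alg = 'ECDSA'; $bits = $ec.KeySize }
    else   { $alg = $cert.PublicKey.Oid.FriendlyName; $bits = $null }

    [pscustomobject]@{
        ChainIndex     = $index          # .NET order: 0 = signer, last = root
        Subject        = $cert.Subject
        Algorithm      = $alg
        KeyBits        = $bits
        # True when this certificate would fail the configured minimum.
        BelowThreshold = ($null -ne $bits) -and ($bits -lt $MinKeyLength)
    }
    $index++
}
```

Saved as, for example, Get-ChainKeySizes.ps1 and run with -Path pointing at the blocked file, it lists one row per chain element; rows with BelowThreshold set to True and Algorithm ECDSA are the ones the 256 setting would admit. It inspects the signer chain only, not the timestamp countersignature chain.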