Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Publisher Block Due to MinKeyLength Less Than 512

App Control: Publisher Block Due to MinKeyLength Less Than 512

Environment

  • App Control Server: All Supported Versions
  • Microsoft Windows: All Supported Versions

Symptoms

  • Publisher block with error: (IneligibleForApproval: ChainIdx[1] CertId[ # ] MinKeyLength[512] Actual[256])]
  • File is using an EC 256-bit certificate

Cause

Agent is not expecting a certificate type with a MinKeyLength of less than 512.

Resolution

  1. Login to the App Control Console.
  2. Navigate to: https://ServerAddress/agent_config.php
  3. Click Show Filters > Add filter > Value > contains: minimum_cert_key_size > Apply
  4. Click Edit (pencil icon) next to the resulting Agent Config.
  5. Change the Value to: minimum_cert_key_size=256
  6. Click Save
NOTE: This will change the required minimum key length for all certificates, regardless of the type. Please consider the overall security posture and whether a Custom Rule would work in place of the Publisher Approval.

 

Additional Notes

  • Some certificate types have different key lengths based on how they were designed.
  • Some certificate types may be more secure with less characters, but confirm before making these changes

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎06-20-2022
Views:
167
Contributors