Environment
- App Control Agent: All Supported Versions
- App Control Server: 8.7.0 - 8.8.2
Symptoms
- Large Quantity of healthcheck messages with ID 960. With the error:
Severity[High]: Server certificate list has been stored but has been determined to be invalid during file transfer
- Health Check errors on the current Server Certificate:
Severity[High]: Untrusted server certificate. Issuer [<CNAME>], Serial Number [<SERIALNUMBER>]
Cause
The TrustedCertList.pem file is regenerated from the information in the database when the Server service starts. In some instances this file was generated with the certificates out of order.
Resolution
This issue was resolved with the release of Server version 8.8.4 (EP-15362). Upgrading to a recent Server release should prevent this from happening in the future.
Additional Notes
- If this issue persists after the Server upgrade please verify Server Exclusions and open a case with Support.
- The previous workaround was to do the following manual rebuild of the PEM file:
- Log in to the application server hosting the Console and stop the App Control Server service.
- Delete the following file:
C:\Program Files (x86)\Bit9\Parity Server\Hostpkg\TrustedCertList.pem
- Start the App Control Server service.
