Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Server Certificate List Has Been Stored But Has Been Determined to be Invalid

App Control: Server Certificate List Has Been Stored But Has Been Determined to be Invalid

Environment

  • App Control Server: 8.7.0-8.7.2

Symptoms

  • Large Quantity of healthcheck messages with ID 960. With the error:
    Severity[High]: Server certificate list has been stored but has been determined to be invalid during file transfer
  • Health Check errors on the current Server Certificate:
    Severity[High]: Untrusted server certificate. Issuer [<CNAME>], Serial Number [<SERIALNUMBER>]

     

Cause

An error with the updating of the TrustedCertList.pem file took place on 8.7.0.

Resolution

This update issue has been resolved per EP-14450. This keeps the file from causing errors in the future, but does not resolve the previous file.

Automatic Repair:

  1. Verify that the Trusted Communication Certificates panel is visible under Administration > System Configuration > Security tab
    1. If not listed, enable using these directions
  2. In the Trusted Communication Certificates panel Disable and Re-enable one of the certificates listed. This will auto generate a new PEM file


Manual Rebuild

  1. On the App Control Server delete the following file:
    C:\Program Files (x86)\Bit9\Parity Server\Hostpkg\TrustedCertList.pem
  2. Restart the App Control Server Service

Additional Notes

  • The steps above will only be required once, if upgraded to the 8.7.2 release.
  • If the server remains on the 8.7.0 release, the steps above will be required every time the Server Certificate is updated.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎11-08-2021
Views:
1391
Contributors