App Control: Using the Subject Alternative Name Field When Generating a Certificate
App Control (Formerly CB Protection) Server: All Supported Versions
How to use the Subject Alternative Name (SAN) field when generating a new server certificate during App Control Installation or from the Console.
When using the Subject Alternative Name (SAN) field, you need to enter both the current resolvable name of the server and any alternative names you wish to use.
For example, when checking the certificate on the System Configuration page > Security tab If the common name is set to "new.cbserver.com", but the previous server name was "old.cbserver.com" then the SAN field needs to be updated to include both names, so that the agents can authenticate:
Subject Alternative Name: DNS=new.cbserver.com,DNS=old.cbserver.com
If you wish to use an IP address, the syntax is:
DNS will also need to be set to redirect from the old FQDN to the new one.
Typically the SAN field is only needed if a change has been made to the hostname or the resolvable name of the server.
Please discuss these changes with Carbon Black Support in order to ensure your Agent machines will be able to successfully connect.