App Control: Why Is the Server Generating Alerts for Revoked Certificates?

Environment

  • App Control Console: All Supported Versions

Question

Why is the Server generating Revoked Certificate Alerts similar to:
Server detected revocation of certificate 'ABC123'. Error: 04000025:CERT_TRUST_IS_NOT_TIME_VALID:CERT_TRUST_IS_REVOKED:CERT_TRUST_IS_UNTRUSTED_ROOT:CERT_TRUST_IS_EXPLICIT_DISTRUST

Answer

The Built-in Revoked Certificate Alert (Tools > Alerts > Revoked Certificate Alert) has been Enabled. This Alert is designed to trigger when a Certificate Authority has revoked a Certificate that matches one in the environment.

Additional Notes

  • Typically, a certificate is revoked because its encryption keys were compromised, because the certificate contains inaccurate information, or because the Certificate Owner is no longer deemed trusted.
  • In some instances, customers configure this Alert so that they can take further action. This may include removing a Certificate Approval, or verifying that no new files signed with the Revoked Certificate exist in the environment.
  • The Alert can be configured to trigger only for specific Publishers (example: "Apple, Inc").
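
The Error field of the alert quoted in the Question can be decoded before deciding on follow-up action. The sketch below is an added example, not code from the vendor or from this article: it assumes the eight-digit hex value is the Windows CryptoAPI CERT_TRUST_STATUS error bitmask (flag values as defined in wincrypt.h; 04000025 is exactly the OR of the four flags named in the sample alert), and the function and variable names are hypothetical.

```python
import re

# Subset of CERT_TRUST_STATUS.dwErrorStatus bits from the Windows SDK (wincrypt.h).
# Assumption: the hex field in the alert text is this bitmask.
CERT_TRUST_FLAGS = {
    0x00000001: "CERT_TRUST_IS_NOT_TIME_VALID",
    0x00000002: "CERT_TRUST_IS_NOT_TIME_NESTED",
    0x00000004: "CERT_TRUST_IS_REVOKED",
    0x00000008: "CERT_TRUST_IS_NOT_SIGNATURE_VALID",
    0x00000010: "CERT_TRUST_IS_NOT_VALID_FOR_USAGE",
    0x00000020: "CERT_TRUST_IS_UNTRUSTED_ROOT",
    0x00000040: "CERT_TRUST_REVOCATION_STATUS_UNKNOWN",
    0x00000080: "CERT_TRUST_IS_CYCLIC",
    0x00010000: "CERT_TRUST_IS_PARTIAL_CHAIN",
    0x00100000: "CERT_TRUST_HAS_WEAK_SIGNATURE",
    0x01000000: "CERT_TRUST_IS_OFFLINE_REVOCATION",
    0x04000000: "CERT_TRUST_IS_EXPLICIT_DISTRUST",
}
KNOWN_MASK = sum(CERT_TRUST_FLAGS)  # bits are distinct, so sum equals bitwise OR

ALERT_RE = re.compile(
    r"Server detected revocation of certificate '(?P<cert>[^']*)'\. "
    r"Error: (?P<code>[0-9A-Fa-f]{8})(?P<names>(?::CERT_TRUST_\w+)*)"
)

def parse_revocation_alert(line):
    """Return a dict describing the alert, or None if the line is not one."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    code = int(m.group("code"), 16)
    decoded = [name for bit, name in sorted(CERT_TRUST_FLAGS.items()) if code & bit]
    listed = [n for n in m.group("names").split(":") if n]
    return {
        "certificate": m.group("cert"),
        "code": code,
        "decoded": decoded,
        "unknown_bits": code & ~KNOWN_MASK,            # bits this table cannot name
        "consistent": sorted(decoded) == sorted(listed),  # hex agrees with the names
        "revoked": bool(code & 0x00000004),            # actually revoked, not only expired
    }

# Sample input: the alert text quoted in the Question above.
SAMPLE = ("Server detected revocation of certificate 'ABC123'. Error: 04000025:"
          "CERT_TRUST_IS_NOT_TIME_VALID:CERT_TRUST_IS_REVOKED:"
          "CERT_TRUST_IS_UNTRUSTED_ROOT:CERT_TRUST_IS_EXPLICIT_DISTRUST")

if __name__ == "__main__":
    print(parse_revocation_alert(SAMPLE))
```

A result with "revoked" false or "consistent" false is worth a closer look before removing a Certificate Approval, since the alert text then reports something other than a plain CA revocation.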

Article Information
Creation Date: 03-09-2023