Environment
- Cb Protection Server: All Versions
- Microsoft Windows: All Versions
- Self-signed certificate on Cb Protection Console
Objective
How to get agents reconnected after accidentally enabling Certificate Verification in the CB Protection console when only using a self-signed certificate.
Resolution
- Purchase/Create a CA signed certificate with the appropriate Subject name and Subject Alternative Names for the Cb Protection Server
- Install new CA signed certificate on the Cb Protection Server using the instructions from the Cb Protection Using Guide
- Import the Root CA certificate for the new CA signed certificate on all agent endpoints:
- Go to Windows Start, Click RUN
- Type MMC
- Click OK.
- On the Microsoft Management Console (mmc) window, go to the File menu
- Click on 'Add/Remove Snap-In'
- Select Certificates
- Click on Computer Accounts
- Click on 'Local Computer'
- Click Finish
- Expand 'Certificates (Local Computer)'
- Expand 'Trusted Root Certification Authorities'
- Right Click on the sub-folder 'Certificates' and cliick on Import
- Import the Root CA certificate from Step 1
Once this is completed on all agent endpoints, they should re-register and show connected on the Cb Protection Console
Additional Notes
- You can validate the Subject Name and SANs on the existing self-signed certificate before purchasing/creating a new CA signed cert
- You can ask the certificate vendor for the Root CA certificate, so you can authorize all the endpoints you need connected
- Use a web browser to get the certificate. Access a web page on the server with HTTPS. Then use the web browser options to export the certificate to a .cer file.
Related Content