Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Response: Sensors failing to check in after applying custom cert

Cb Response: Sensors failing to check in after applying custom cert

Environment

  • Cb Response 6.x

Symptoms

  • The environment was recently configured to use a custom certificate for sensors or the certificate has expired
  • All sensors are failing to contact the server. In the sensor log, you see 0x80c8005a errors

  • C:\Windows\CarbonBlack\cb.exe -e 0x80c8005a

    0x80C8005A: Facility[CURL] Code[005A] Severity[1] SSL public key does not match pinned public key

Cause

The certificate has not been properly configured on the server or the sensors do not have the most recent certificate.

Resolution

It is important to understand that custom certificates for the back end are not supported. If you have a custom cert, we recommend setting up a multihome configuration so the UI can use the custom certificate while the back end continues to use the auto-generated cert.

When a new cert is applied, all sensors will need to be updated to use the new cert. This means that the sensor will need to be re-installed on each endpoint with the latest installer package or the cert must be applied via a modification to the registry.

If this is a new configuration, you will need to edit the following lines in /etc/cb/cb.conf to point to the new certificate

# SSL certificate and private key files to be used for HTTPS communications

# from the sensor to the enterprise server.

SSLCertFile=/etc/cb/certs/cb-server.crt

SSLKeyFile=/etc/cb/certs/cb-server.key

Related Content

Why are self signed certificate used for sensor communication?

Migrating to a 5.2/6.1 Multihome Configuration File

Multihome Configuration Troubleshooting

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎01-24-2018
Views:
1327
Contributors