Cb Response: Sensors failing to check in after applying custom cert
Cb Response 6.x
The environment was recently configured to use a custom certificate for sensors or the certificate has expired
All sensors are failing to contact the server. In the sensor log, you see 0x80c8005aerrors
C:\Windows\CarbonBlack\cb.exe -e 0x80c8005a
0x80C8005A: Facility[CURL] Code[005A] Severity SSL public key does not match pinned public key
The certificate has not been properly configured on the server or the sensors do not have the most recent certificate.
It is important to understand that custom certificates for the back end are not supported. If you have a custom cert, we recommend setting up a multihome configuration so the UI can use the custom certificate while the back end continues to use the auto-generated cert.
When a new cert is applied, all sensors will need to be updated to use the new cert. This means that the sensor will need to be re-installed on each endpoint with the latest installer package or the cert must be applied via a modification to the registry.
If this is a new configuration, you will need to edit the following lines in /etc/cb/cb.conf to point to the new certificate
# SSL certificate and private key files to be used for HTTPS communications