Environment
Symptoms
- The environment was recently configured to use a custom certificate for sensors or the certificate has expired
All sensors are failing to contact the server. In the sensor log, you see 0x80c8005a errors
C:\Windows\CarbonBlack\cb.exe -e 0x80c8005a
0x80C8005A: Facility[CURL] Code[005A] Severity[1] SSL public key does not match pinned public key
Cause
The certificate has not been properly configured on the server or the sensors do not have the most recent certificate.
Resolution
It is important to understand that custom certificates for the back end are not supported. If you have a custom cert, we recommend setting up a multihome configuration so the UI can use the custom certificate while the back end continues to use the auto-generated cert.
When a new cert is applied, all sensors will need to be updated to use the new cert. This means that the sensor will need to be re-installed on each endpoint with the latest installer package or the cert must be applied via a modification to the registry.
If this is a new configuration, you will need to edit the following lines in /etc/cb/cb.conf to point to the new certificate
# SSL certificate and private key files to be used for HTTPS communications
# from the sensor to the enterprise server.
SSLCertFile=/etc/cb/certs/cb-server.crt
SSLKeyFile=/etc/cb/certs/cb-server.key
Related Content
Why are self signed certificate used for sensor communication?
Migrating to a 5.2/6.1 Multihome Configuration File
Multihome Configuration Troubleshooting
