How-To restore agent connectivity when self-signed cert is set to "Validate"

Version
All


Issue

A self-signed certificate was set to "Validate", which broke communications from the agents to the server.

Symptoms
Agents are disconnected when a self-signed cert is in use and the cert is set to "Validate".

Cause
Certificate verification should be enabled only when using a signed certificate that can be validated. When a self-signed cert is set to "Validate" in the Cb Protection console, this breaks communications.

Solution

Any one of the steps below can fix this issue:

1. If there is an internal CA available, a new cert can be issued and imported into the Cb Console under "System Configuration" > "Security" tab. This is the quickest and easiest method to resolve this kind of issue.

2. The self-signed cert that was set to validate CAN be pushed using a GPO or SCCM to the trusted cert store on each endpoint. This can be somewhat difficult to do and can be slow to update. One caveat to this method is that the Global CLI password MUST be known.

3. Uninstall/Reboot/Reinstall the Cb Protection agent. This is only useful if the number of endpoints is very small. Additionally, this method requires going into "shepherd_config.php" and setting SSLMode to "1".

4. Buy a third-party cert from Go Daddy, Verisign, RSA, etc. and import it into Cb Protection. Much like step one in ease, but it will cost money and can be expensive.

Important Note(s)

1. Ensure that the Global CLI password is known and available if the SCCM or GPO method is chosen.
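
The PowerShell check below is an added example, not part of the original article or of Cb Protection tooling. Run on an endpoint against an exported copy of the server certificate, it reports whether the certificate is self-signed and whether it chains to a root that the machine trusts, which is the condition described under Cause and the one option 2 is meant to satisfy. The file path is a hypothetical placeholder, and skipping revocation checks is an assumption made for this check.

```powershell
# Added example: would this server certificate pass validation on this endpoint?
# Assumption: $CertPath points to an exported copy (.cer) of the server cert;
# the default path is a hypothetical placeholder.
param(
    [string]$CertPath = 'C:\Temp\server-cert.cer'
)

function Test-ServerCertTrust {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Certificate file not found: $Path"
    }

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path

    # A self-signed certificate names itself as its own issuer.
    $selfSigned = $cert.Subject -eq $cert.Issuer

    # Build the chain against the Windows trust stores visible to this session
    # (the current user view includes the local machine stores).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Assumption: revocation lookups are skipped, since self-signed and
    # internal certificates frequently publish no CRL or OCSP endpoint.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)

    [pscustomobject]@{
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        NotAfter    = $cert.NotAfter
        SelfSigned  = $selfSigned
        Trusted     = $trusted
        ChainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

$result = Test-ServerCertTrust -Path $CertPath
$result | Format-List

if ($result.SelfSigned -and -not $result.Trusted) {
    Write-Warning 'Self-signed and not trusted on this machine: validation against the Windows trust store fails here.'
}
```

A `ChainErrors` value of `UntrustedRoot` with `SelfSigned : True` is the state in which the certificate cannot be validated on that endpoint; after the certificate has been deployed to the endpoint's trusted store, `Trusted` should read `True`.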

Article Information
Creation Date: 10-17-2017