How-To restore agent connectivity when self-signed cert is set to "Validate"
Self-signed certificate was set to "Validate", thus breaking communications from agent to server.
Symptoms Agents disconnected when using self-signed cert, and cert is set to "Validate".
Cause Certificate verification should be set only when using a signed certificate that can be validated. When a self-signed cert is set to "Validate" in Cb Protection console, this breaks communications.
Any one of the below steps can fix this issue:
1. If there is an internal CA available, a new cert can be issued and imported into the Cb Console under "System Configuration" > "Security" tab. This is the quickest and easiest method to resolve this kind of issue.
2. The self-signed cert that was set to validate CANbe pushed using a GPO or SCCM to each endpoints trusted cert stores on each endpoint. This can be somewhat difficult to do and can be slow to update. One caveat to this method is the Global CLI password MUST be known.
3. Uninstall/Reboot/Reinstall the Cb Protection agent. This is only useful if the number of endpoints are very few in number. Additionally the requirement for this is to go into "shepherd_config.php" and set SSLMode to "1".
4. Buy and import into Cb Protection, a third-party cert from Go Daddy, Verisign, RSA, etc. Much like step one in ease, but will cost money and can be expensive. Important Note(s) 1. Ensure that the Global CLI password is known and available if the SCCM or GPO method is chosen.