App Control: How to Revert SSL Strong Mode/Certificate Verification When Enabled Accidentally
App Control Server: All Versions
Certificate Verification/SSL Strong Mode enabled
Revert the changes made by accidentally enabling Certificate Verification/SSL Strong Mode.
Login to the console as an admin
Head to: https://<bit9 server>/shepherd_config.php
Find the Defined Property value of "SSLMode"
Change the value to 1
Save the changes
Any agents that do not check in after making this change will need to be manually updated via command line:
cd C:\Program Files (x86)\Bit9\Parity Agent
dascli password <CLI/Global CLI Password>
dascli sslmode 1
There are two other workarounds that can be applied to the agents that do not check in after reverting the SSLMode: 1) Use the following solution to manually import the self-signed certificate: Exporting and importing self-signed certificate for disconnected machine 2) Purchase a 3rd Party Verifiable Certificate from a CA and deploy this to the server and all agents.