You can import a new SSL certificate. Keep the following in mind when planning to import a certificate.

  • You cannot import an expired certificate.
  • Only PKCS#12 certificates are supported. You cannot use another PKCS version. To use a certificate in another format, you must convert it to a PKCS#12 file format first.
  • When you import a certificate, the Edit button is removed from the Current Certificate Details panel because the imported certificate cannot be edited.
  • Carbon Black App Control supports use of multi-level certificates. The actual certificate must be specified last in the PKCS#12 container file.
  • Only a certificate matching the App Control Server hostname or IP address may be imported.
Important: After importing a new certificate, the new certificate will NOT display until after the time specified in the Update Schedule expires.

Import a new Certificate for Agent-Server Communications Security

To import a new certificate for agent-server communications security, perform the following procedure.

Note: During Carbon Black App Control Server installation, you must either generate a self-signed certificate or import a real certificate for the Carbon Black App Control Console. If you import a real certificate, you may use the same certificate for the Agent-Server communications and you do not need to complete the following procedure.

Procedure

  1. On the console menu, click the Settings (gear) icon and click System Configuration.
  2. Click the Security tab.
  3. In the Import Server Certificate panel, click Choose File to navigate to the location of your new certificate file. When you locate the file, click Open.
  4. Enter the password for the certificate file.
  5. Specify when the agent certificate should update and the Update Schedule, then click Import. A dialog box describes the impact of the change.
  6. To complete the certificate import, click OK in the confirmation dialog box.

Results

A status message reports on the success or failure of the import. If successful, the new certificate is installed in the certificate repository and all fields in the Current Server Certificate Details panel are updated.
Important: After importing a new certificate, the new certificate will NOT display until after the time specified in the Update Schedule expires.