Agent-Server Communications Certificate Details

This topic lists certificate details for communications between the Carbon Black App Control Agent and Carbon Black App Control Server.

Table 1. Agent-Server Communications Certificate Details
Field	Description
`Thumbprint`	The unique identifier for the certificate.
`Common Name`	The fully qualified domain name of the Carbon Black App Control Server to which your agents are connected.
`Expiration Date` `Valid For`	Date and time when the certificate will expire. When you are editing the certificate details, this field changes to `Valid For` and provides a text box into which you can enter the number of days or years you want the certificate to be valid. Note: You cannot enter a `Valid For` period longer than 20 years or 7300 days for a self-signed certificate.
`Country Code`	Standard two-letter country code for the organization that is responsible for the certificate.
`State`	State (if applicable)
`City`	City
`Company`	Company responsible for the certificate
`Department`	Department (if any) within the company
`Email Address`	Contact information for more information about the certificate.
`Subject Alternative Name`	Subject Alternative Name (SAN) is an alternative means of verifying the certificate against the server hostname. SAN allows the use of multiple DNS names or IP addresses, separated by commas, for a single server. The certificate can be verified even when there is access from different network routes, or the same certificate can be used on multiple servers. The `Subject Alternative Name` field is empty by default. A tooltip shows the required format. The following is an example of the format for a SAN entry: DNS=cbprotection.example.com, DNS=cbprotection.example.local,IP=10.0.8.123 You can use wildcards in a DNS name.
`Agent Certificate Update`	Select from the two options when you want the certificate to update. Options include: `Use the expiration date of the current certificate` If you select this option, you must also use the Update Schedule to specify how many minutes prior to the certificate expiration you want the new certificate to activate. `Expire the current certificate based on the update schedule` If you select this option, you must also use the Update Schedule to specify how many minutes from now you want to expire the current certificate and activate the new certificate. Important: After generating a new certificate, a banner displays: `New certificate was successfully generated. It will be applied in <xx> minutes. This page will reflect the new certificate below after this time.` The new certificate will NOT display until after the time specified in the Update Schedule expires.
`Update Schedule`	Use this field to specify when the certificate will update. This field varies slightly depending on the `Agent Certificate Update` option that you select. Important: After generating a new certificate, a banner displays: `New certificate was successfully generated. It will be applied in <xx> minutes. This page will reflect the new certificate below after this time.` The new certificate will NOT display until after the time specified in the Update Schedule expires.