Enabling certificate verification instructs all Carbon Black App Control Agents to verify the authenticity of the Carbon Black App Control Server certificate against a Certificate Authority or their Root certificates. This verification adds a level of security to communications because communications between agent and server cannot be spoofed.
There are three classes of certificate that might be used for Carbon Black App Control communications. Be aware of the differences before enabling verification:
- Third-party certificates – You can enable and use certificate verification successfully with certificates from a known certificate authority, assuming they are valid and up to date.
- Imported self-signed certificates – You can enable and use certificate verification successfully with your own imported, self-signed certificates, assuming they are valid and up to date.
- Self-signed certificates created during installation – The self-signed certificates generated by the Carbon Black App Control Server installation program are not from a known certificate authority, so certificate verification should never be used in that case. The Enable Certificate Verification button is not exposed when Carbon Black App Control detects a self-signed certificate that it created. To expose the Enable Certificate Verification button, contact VMware Carbon Black Support.
Enable Certificate Verification
To enable agents to verify the server communication certificate, perform the following procedure.
Caution: After you enable certificate verification, it cannot be revoked. Be certain that you have the certificate you want in place and confirm that you want to implement the feature.
Procedure
- On the console menu, click the Configuration (gear) icon and choose System Configuration.
- Click the Security tab. Make any changes you intend to make to the certificate, whether it is editing the details of a self-signed certificate or importing a new certificate from a file.
- In the Security Status panel, click Enable Certificate Verification and click OK in the confirmation dialog box. This action cannot be undone in the Carbon Black App Control Console.