You can import a new SSL certificate. Keep the following in mind when planning to import a certificate.
- You cannot import an expired certificate.
- Only PKCS#12 certificates are supported. You cannot use another PKCS version. To use a certificate in another format, you must convert it to a PKCS#12 file format first.
- When you import a certificate, the Edit button is removed from the Current Certificate Details panel because the imported certificate cannot be edited.
- Carbon Black App Control supports use of multi-level certificates. The actual certificate must be specified last in the PKCS#12 container file.
- Only a certificate matching the App Control Server hostname or IP address may be imported.
Import a new Certificate for Agent-Server Communications Security
To import a new certificate for agent-server communications security, perform the following procedure.
Note: During
Carbon Black App Control Server installation, you must either generate a self-signed certificate or import a real certificate for the
Carbon Black App Control Console. If you import a real certificate, you may use the same certificate for the Agent-Server communications and you do not need to complete the following procedure.
Procedure
- On the console menu, click the Configuration (gear) icon and click System Configuration.
- Click the Security tab.
- In the Import Server Certificate panel, click Browse to navigate to the location of your new certificate file. When you locate the file, click Open.
- Enter the password for the certificate file.
- Provide the necessary information and click Import. A dialog box describes the impact of the change.
- To complete the certificate import, click OK in the confirmation dialog box.