Carbon Black uses a certificate chain file to perform a proper OCSP stapling.

You can generate a certificate chain by using any online Certificate Chain Composer. For example, the KeyCDN Tools. The following procedure is an example of creating the certificate chain by using the Certificate Chain Composer.

Procedure

  1. Edit the certificate sgw_certificate.pem in any editor of your choice and copy all the content between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
    If your certificate has the chain already, you might want to copy only the first occurrence of -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
  2. Paste the content in the text box on the Certificate Chain Composer site and click Compose.
    It generates the certificate chain in the lower half of the page.
  3. Copy the entire content and save it as the sgw_chain.pem file.
  4. Copy the sgw_chain.pem file in the /data/certs directory on the Linux server hosting the Sensor Gateway.