You can update the SSL certificate on a Sensor Gateway when the certificate is about to expire or it has been compromised.
While changing the certificate, avoid getting the sensors permanently disconnected from the Carbon Black Cloud.
Prerequisites
Verify that all sensors are connected to the Sensor Gateway to access and download the new certificate.
Procedure
- Obtain a new certificate.
The new certificate must have the same common name (CN) as the current certificate.
- Navigate to the tab and double-click the Sensor Gateway for which you must renew the certificate.
- Locate the Certificate field and click Update.
- Click Upload File, select the newly obtained certificate, and upload it.
The Carbon Black Cloud sends the new certificate to all sensors connected to the Cloud through this Sensor Gateway. Then, each sensor sends a status back to the Cloud confirming if it has successfully accepted the new certificate.
- To see errors reported by the sensors connected to the Sensor Gateway, navigate to the tab.
- Select the Sensor Gateway from the Sensor Gateway filter facet.
- Select Errors from the Status filter facet.
- To see the details for the sensor reporting the error, double-click the relevant row.
Note: Continue with updating the certificate on the Sensor Gateway only if there are no errors reported by the sensors in the Carbon Black Cloud console.
- Replace the SSL certificate on the Sensor Gateway.
- Rename the new certificate to sgw_certificate.pem and its private key to sgw_key.pem.
- Copy the new certificate public and private keys to the /data/certs folder on the Sensor Gateway device.
- Restart the Sensor Gateway by first retrieving its container ID:
sudo docker ps -a
and then running the command:
sudo docker restart <container id>
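The following pre-flight check can be run before uploading the new certificate in the console. It is an added example, not part of the original procedure or of the product: it uses the standard openssl command line to confirm that the new certificate has the same CN as the current one, that the private key belongs to it, and that it is not close to expiry. The function names and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for a replacement Sensor Gateway certificate.
# File paths are supplied by the caller; the 30-day threshold is an assumption.

# Print the first subject common name (CN) of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Succeed only if both certificates carry the same, non-empty CN.
same_cn() {
    cn_old=$(cert_cn "$1")
    cn_new=$(cert_cn "$2")
    [ -n "$cn_old" ] && [ "$cn_old" = "$cn_new" ]
}

# Succeed only if the private key ($2) belongs to the certificate ($1),
# by comparing the public key derived from each.
key_matches_cert() {
    pub_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    pub_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$pub_cert" ] && [ "$pub_cert" = "$pub_key" ]
}

# Succeed only if the certificate ($1) is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Usage: preflight CURRENT_CERT NEW_CERT NEW_KEY
# Returns 0 when safe to upload, or 1/2/3 for the first failed check.
preflight() {
    same_cn "$1" "$2" || { echo "FAIL: CN differs from current certificate" >&2; return 1; }
    key_matches_cert "$2" "$3" || { echo "FAIL: key does not match new certificate" >&2; return 2; }
    valid_for_days "$2" 30 || { echo "FAIL: new certificate expires within 30 days" >&2; return 3; }
    echo "OK: CN=$(cert_cn "$2")"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Run it with the current certificate from /data/certs as the first argument and the new certificate and key as the second and third; a non-zero exit status identifies the first check that failed.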
Results
It takes up to five minutes for the Sensor Gateway to register again with the Carbon Black Cloud.