The crl.godaddy.com and ocsp.godaddy.com domains use OCSP (Online Certificate Status Protocol) and Certificate Revocation List (CRL) checks to validate a sensor's install certificate. You can disable this check.
Caution: You can disable CRL checks either during or after a sensor installation. However, disabling CRL can potentially open devices up to
man in the middle attacks if
Carbon Black Cloud revokes the certificate (this has never happened), and if an attacker then leverages the revoked certificate for such an attack.
For more information about RepCLI, see Managing Sensors by using RepCLI in the User Guide.
To disable CRL check during an initial sensor install:
Using the command line install method, add the CURL_CRL_CHECK=0
option to the install command. For example:
msiexec.exe /q /i CBDefense-setup.msi /L*vx log.txt CURL_CRL_CHECK=0
To disable CRL checks after the sensor is installed: