This parameter sets the validation method for server certificates used for server-to-sensor communication.

Default: <none>

If no value is provided (the default), the validation method can be changed using the radio buttons on the Settings page in the Carbon Black EDR console.

  • If the value is False, the legacy certificate pinning method is used, and certificate expiration does not interrupt server-sensor communication.
  • If the value is True, strict certificate validation is used. If the certificate has expired or fails any other validation requirements, server-sensor communication is disabled.
Caution:

For sensors that support custom certificates, do not enable strict validation if you are using the legacy certificate created during server installation. Using strict validation for legacy certificates (or any other certificate that cannot pass validation) disables communication between the sensor and server, and can require uninstalling and reinstalling sensors. This is not an issue with sensors that do not support custom certificates.

Important: You must restart the server or cluster for a change to this setting to take effect.
Note: New in version 6.4.0.