This topic summarizes Carbon Black EDR certificate management.

  • Add and delete certificates – You can add new certificates and delete certificates from your server.
  • View certificate inventory – A table lists all server certificates that are available on the current server, how many sensors are using each one, and additional certificate information.
  • Choose validation method – You can use standard certificate “pinning” validation, which only requires that sensors have a certificate matching the server, or you can add stricter validation methods. A certificate that uses standard validation continues to allow sensor and server to communicate even after it expires, but strict validation disables communication after expiration.
  • Be notified of expiring certificates – When a certificate is close to its expiration date, an alert banner can be displayed at the top of each console page. You can set the number of days in advance you want to be warned, or turn off warnings. Deleting the expired certificate eliminates the notification.
  • Assign and change certificates by sensor group or apply one to all sensor groups – If you have more than one certificate available, you can choose the certificate that is assigned to secure server communications for each sensor group. You can also apply one certificate to all sensor groups. This can be done both for the initial certificate assignment and to assign a new certificate, for example if a certificate is ready to expire.
  • View the certificate for a sensor – The Sensors page shows the server certificate that was used for the last successful check-in for each sensor.
  • Control access to certificate features – Because of their security implications, certificate management features require Global Administrator privileges on the server.