Issue
The Carbon Black sensor is unable to communicate with the Carbon Black Server. The Server and Sensor logs display a large number of HTTPS certificate errors.
Environment
VMware Carbon Black EDR (Response)
Resolution
The only way around this is to exempt the Server from SSL inspection, so that Sensor connections to it bypass the inspection process.
Cause
The Carbon Black Sensor ONLY communicates out to the Server, never the other way around. Normally, the Sensor and Server negotiate the HTTPS handshake by themselves and can then start sending encrypted data back and forth. With SSL inspection in place, when the Carbon Black Sensor attempts to establish communication with the Server, the HTTPS requests are intercepted by the SSL inspection device and/or service. This SSL device or service is often referred to as a "middlebox".
One of the many things that happens during SSL inspection is certificate validation. In other words, the SSL inspection service looks at the certificate and validates that it's good. During this validation process, additional characters sometimes get added to the certificate. Because these additional characters are present, the Server rejects the certificate. This results in certificate-related errors, and a connection is never established.
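The following check is an added example, not part of the original article or of VMware's tooling: run from an endpoint, it compares the SHA-256 fingerprint of the certificate that arrives on the Sensor's network path with the fingerprint of the certificate the Server actually serves, so any change made on the path shows up as a mismatch. The host name, the default port 443 and the byte strings standing in for certificates are assumptions constructed for illustration.

```python
import hashlib
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize(fp: str) -> str:
    """Accept openssl-style 'AA:BB:...' or plain hex."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def fetch_presented_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the DER certificate presented on this network path.

    Verification is disabled on purpose: the goal is to record what
    arrives, even if it is not the Server's own certificate.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_path(presented_der: bytes, expected_fp: str) -> dict:
    """Compare the certificate seen on the endpoint with the expected one."""
    seen = fingerprint(presented_der)
    expected = normalize(expected_fp)
    return {
        "presented_sha256": seen,
        "expected_sha256": expected,
        "intercepted": seen != expected,
    }


# Constructed stand-ins for DER bytes so the comparison runs offline.
SERVER_CERT = b"constructed-server-certificate-der"
MIDDLEBOX_CERT = b"constructed-certificate-altered-on-path"

if __name__ == "__main__":
    pinned = fingerprint(SERVER_CERT)  # taken from the Server's own cert
    print(check_path(SERVER_CERT, pinned))     # path without inspection
    print(check_path(MIDDLEBOX_CERT, pinned))  # path through a middlebox
    # Live use (hypothetical host name):
    # check_path(fetch_presented_cert("cbserver.example.internal"), pinned)
```

A result with `intercepted` set to true on an endpoint, while the same check run on the Server's own network segment matches, points to the inspection device as the place to add the bypass.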