Hello Everyone,


Typically, certificates are validated by checking the signature hierarchy: MyCert is signed by IntermediateCert, which is signed by RootCert, and RootCert is listed in my computer's "certificates to trust" store. Enabling the feature stops the agent from using the local Root CA certificate store and makes it use only the pinned roots.pem certificate file, which protects against Man-in-the-Middle (MITM) attacks. This requires agent version 8.3.

Below are the paths on the supported operating systems where the certificate file is located.

  • Windows – "C:\Program Files\Palo Alto Networks\Traps\config\roots.pem"
  • macOS – "/Library/Application Support/PaloAltoNetworks/Traps/config"

For example, a MITM attack can be carried out where an attacker configures a malicious secure proxy that the machine uses, diverting and intercepting all of the agent's communication over a connection that still looks secure. The secure communication can be achieved with a Root certificate that the attacker has installed in the machine's Root certificate store, which the machine then treats as legitimate.

Not using the local store and using only the trusted roots.pem file avoids this kind of attack.

Regarding the impact:

The agent first checks for the root certificate in roots.pem. If the root signer is not found in roots.pem, the agent checks the machine's local store as a fallback.

If the agent can verify the certificate using one of the methods above, the communication succeeds.

More information on the enforcement levels:

Disabled (notify), the default:

  • Agents use the computer's Trusted Root Certification Authority Store (aka Local Store)
  • All risky notification banners will show

Disabled:

  • Agents use the computer's Trusted Root Certification Authority Store (aka Local Store)
  • All risky notification banners will show

Enabled:

  • Agents start in a learning mode phase
  • Two conditions are verified:
  1. For at least 20 minutes, the agent did not fall back to the local store
  2. At least 2 successful heartbeats occurred in the last 20 minutes
  • If both conditions are met, the agent leaves learning mode
  • In learning mode, the agent's operational status may show "Partially Protected"
  • If the learning mode phase fails, agents stay in Partially Protected until the feature is set to Disabled or Disabled (notify)
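As an added example that is not part of the original post or of the agent's own code, the following Python models the two behaviours described above: the roots.pem-first lookup with the local store as fallback, and the two learning-mode exit conditions evaluated over a constructed heartbeat log. Names such as `Heartbeat`, `verify_root` and `learning_mode_passed` are assumptions made for this illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

LEARNING_WINDOW = timedelta(minutes=20)   # "at least 20 minutes"
MIN_OK_HEARTBEATS = 2                     # "at least 2 successful heartbeats"

@dataclass
class Heartbeat:
    at: datetime        # when the heartbeat completed
    ok: bool            # certificate verified and heartbeat succeeded
    root_source: str    # "roots.pem" (pinned) or "local_store" (fallback)

def verify_root(root_signer, pinned_roots, local_store):
    """Lookup order from the post: roots.pem first, the machine's local
    store only as a fallback. Returns which source trusted the chain, or
    None if neither does (the heartbeat then fails)."""
    if root_signer in pinned_roots:
        return "roots.pem"
    if root_signer in local_store:
        return "local_store"
    return None

def learning_mode_passed(heartbeats, learning_started, now):
    """Both exit conditions must hold over a full 20-minute window:
    no fallback to the local store, and at least two successful heartbeats."""
    if now - learning_started < LEARNING_WINDOW:
        return False                        # not enough history yet
    recent = [h for h in heartbeats if now - LEARNING_WINDOW <= h.at <= now]
    no_fallback = all(h.root_source != "local_store" for h in recent)
    enough_ok = sum(h.ok for h in recent) >= MIN_OK_HEARTBEATS
    return no_fallback and enough_ok

# Constructed sample data (hypothetical, not real agent logs).
LEARNING_START = datetime(2024, 3, 1, 9, 0)
EARLY_CHECK = LEARNING_START + timedelta(minutes=10)
CHECK_TIME = LEARNING_START + timedelta(minutes=25)
PINNED_ONLY_LOG = [
    Heartbeat(LEARNING_START + timedelta(minutes=m), True, "roots.pem")
    for m in (5, 10, 15, 20)
]
# One heartbeat in the window verified only via the local store, which is
# exactly the case a proxy with a non-pinned root would produce.
FALLBACK_LOG = PINNED_ONLY_LOG[:2] + [
    Heartbeat(LEARNING_START + timedelta(minutes=15), True, "local_store")
]

if __name__ == "__main__":
    print("pinned-only:", learning_mode_passed(PINNED_ONLY_LOG, LEARNING_START, CHECK_TIME))
    print("fallback:   ", learning_mode_passed(FALLBACK_LOG, LEARNING_START, CHECK_TIME))
```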

If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.

Ashutosh Patil