Troubleshooting Certificate Manager

If Certificate Manager is not performing as expected, you might need to troubleshoot issues or change settings.

Collect logs

Collect the action log and other tools files from the endpoint to send to Tanium Support.

  1. To collect the action log for the Deploy Certificate Audit [Windows] or Deploy Certificate Audit [Non-Windows] actions, use Tanium Client Management to directly connect to an endpoint and collect the Tanium Client Action Logs. For more information, see Tanium Client Management User Guide: Collect troubleshooting information.
  2. Collect the following file and folder from the <Tanium Client>\Tools\CertificateManager folder:
    • sslaudit.db
    • sensor_data
  3. Contact Tanium Support to determine the best option to send the files. For more information, see Contact Tanium Support.

Cannot view all chart panels in the dashboard


If users cannot view all chart panels in the Certificate Manager dashboard in Tanium Reporting, the user permissions might not have sufficient permissions.


In addition to the Certificate Manager roles, users must also include the following requirements:
  • be assigned a basic Interact role, such as Interact Read-Only User
  • have sufficient management rights, such as All Computers

For more information about Certificate Manager roles, see Set up Certificate Manager users.

Unexpected certificate audit results


If an endpoint shows the following error in the Protocol column, you might have to refresh a certificate audit on that endpoint: Error: Protocol and cipher suites do not exist. Run the Certificate Audit package.

Certificate audit status shows Failed for some endpoints.


  1. Verify that a certificate audit completed successfully.
  2. If the States of machines section shows any Failed statuses, click Show Client Status Details.
  3. Select one or more endpoints that show a Failed action status and click Get action log for selected machines.
  4. Review the action log to determine the cause of the failure.

ERROR - lsof was not found


To include the owning process data for Linux endpoints, the lsof command is required. If a Linux endpoint does not have lsof installed, the following error is found in the action log: ERROR - lsof was not found.


Check the action log for the Deploy Certificate Audit [Non-Windows] action to confirm the error and then install lsof. For more information about how to view the action log, see Tanium Console User Guide: Investigate action-related issues.

Contact Tanium Support

To contact Tanium Support for help, sign in to