Errors After Enabling EDR FIPS Mode on RHEL/CentOS 8.9

Article ID: 287615


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

After adding the settings to enable FIPS on RHEL 8.9, the following errors appear:

/var/log/cb/datastore/debug.log:
Exception in cache update task
redis.clients.jedis.exceptions.JedisConnectionException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

/var/log/cb/redis/redis.log:
Error accepting a client connection: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown

Environment

  • EDR Server: 7.8.x
  • RHEL/CentOS: 8.9

Cause

  • According to the EDR Cluster Management Guide 7.8.0, "Carbon Black EDR Server 7.8.0 in FIPS mode is officially supported on RHEL 8.2, 8.6, 8.7, and 8.8."

Resolution


  • OS FIPS plus EDR FIPS mode are supported on RHEL 8.2, 8.6, 8.7, 8.8, and 8.10.
  • At this time, FIPS is supported on 8.10 but has not been validated on 8.9.
  • EDR 7.8.0 can be installed successfully on RHEL 8.9 (with or without OS FIPS enabled). Only EDR 7.8.0 FIPS mode cannot be enabled on RHEL 8.9.
  • The complete fix for EDR FIPS mode on RHEL 8.9 is expected in EDR 7.9.0, with an estimated release timeframe of the fourth quarter of 2024.
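
A pre-flight check for the conditions described in this article, as an added example (not vendor code): it compares the release in /etc/redhat-release with the releases listed under Resolution, reads the kernel FIPS flag, and counts the two handshake errors in the logs named above. The function names and the --check argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and --check are assumptions.
# Release list copied from the Resolution section of this article.
SUPPORTED_RELEASES="8.2 8.6 8.7 8.8 8.10"

# Print MAJOR.MINOR from a redhat-release style file.
read_release() {
    sed -n 's/.*release \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' \
        "${1:-/etc/redhat-release}" 2>/dev/null
}

# Succeed only on an exact string match: numerically 8.10 would equal 8.1.
is_supported_release() {
    for v in $SUPPORTED_RELEASES; do
        if [ "$v" = "$1" ]; then return 0; fi
    done
    return 1
}

# Succeed when the kernel reports FIPS mode (flag file contains 1).
os_fips_enabled() {
    [ "$(cat "${1:-/proc/sys/crypto/fips_enabled}" 2>/dev/null)" = "1" ]
}

# Print how many lines of a log carry either handshake error quoted above.
count_handshake_errors() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -E 'PKIX path building failed|sslv3 alert certificate unknown' "$1" || true
}

preflight() {
    ver=$(read_release)
    if is_supported_release "$ver"; then
        echo "RHEL/CentOS $ver: listed for EDR FIPS mode"
    else
        echo "RHEL/CentOS ${ver:-unknown}: not listed for EDR FIPS mode"
    fi
    if os_fips_enabled; then echo "OS FIPS: enabled"; else echo "OS FIPS: not enabled"; fi
    for f in /var/log/cb/datastore/debug.log /var/log/cb/redis/redis.log; do
        echo "$f: $(count_handshake_errors "$f") handshake error line(s)"
    done
}

if [ "${1:-}" = "--check" ]; then preflight; fi
```

Run it with --check on the EDR server before enabling EDR FIPS mode; a nonzero error count in either log after enabling it matches the symptom described in this article.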