EDR: How to Configure Custom Certificates for SSO Login

EDR: How to Configure Custom Certificates for SSO Login

search cancel

EDR: How to Configure Custom Certificates for SSO Login

book

Article ID: 288056

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Enable SSO to use a customer certificate that's different from the certificates used by the web UI and sensors for check-in.

Environment

EDR Server: 6.2.2 and Higher
Single Sign-On enabled

Resolution

Place custom certificates in the /etc/cb/certs/ directory on the master server.
Edit /etc/cb/sso/sso.conf on the master server
Modify:

"encryption_keypairs": [{ 
"cert_file": "/etc/cb/certs/<FILE>.crt", 
"key_file": "/etc/cb/certs/<FILE>.key" 
}], 

"cert_file": "/etc/cb/certs/<FILE>.crt", 
"key_file": "/etc/cb/certs/<FILE>.key",

Restart the cluster.

Additional Information

The values in the sso.conf file declare the location of the certificates used for SSO login on. Another config file controls where the certificates for web UI and sensor check-in are found.
See the Cb Response Integration Guide for more information.

Feedback

thumb_up Yes

thumb_down No