EDR: How to Configure Custom Certificates for SSO Login
search cancel

EDR: How to Configure Custom Certificates for SSO Login

book

Article ID: 288056

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Enable SSO to use a customer certificate that's different from the certificates used by the web UI and sensors for check-in. 

Environment

  • EDR Server: 6.2.2 and Higher
  • Single Sign-On enabled

Resolution

  1. Place custom certificates in the /etc/cb/certs/ directory on the master server. 
  2. Edit /etc/cb/sso/sso.conf on the master server
  3. Modify:
"encryption_keypairs": [{ 
"cert_file": "/etc/cb/certs/<FILE>.crt", 
"key_file": "/etc/cb/certs/<FILE>.key" 
}], 

"cert_file": "/etc/cb/certs/<FILE>.crt", 
"key_file": "/etc/cb/certs/<FILE>.key",
  1. Restart the cluster.

Additional Information

  • The values in the sso.conf file declare the location of the certificates used for SSO login on. Another config file controls where the certificates for web UI and sensor check-in are found. 
  • See the Cb Response Integration Guide for more information.