EDR: Does an upgrade to EDR 7.8.0 require regenerating the Legacy certificate?
book
Article ID: 289424
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Does an upgrade to EDR 7.8.0 require regenerating the Legacy certificate?
Environment
EDR Server: 7.8.0 version
Resolution
No, regenerating the Legacy server certificate is not required as part of the upgrade to EDR 7.8.0 and can be performed at a later time.
Additional Information
Any EDR generated certificates that were created prior to EDR Server 7.1.0 would have used SHA-1 hashing.
The EDR 7.8.0 Server Cluster Management Guide has a section "Migration from Legacy to System OpenSSL on EL 8" where it provides a summary of security implications when using SHA-1 certificates and also provides information on how to regenerate the Legacy server certificate to mitigate those risks.