Improve Alliance Certificates by Implementing SHA256
Article ID: 290857


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Upgrade the Alliance certificates to increase security.
  • If the following command returns 'sha1', obtain a SHA256 Alliance certificate by following this process.
Run:
openssl x509 -noout -text -in /etc/cb/certs/carbonblack-alliance-client.crt | grep sha

Returns one of:
Signature Algorithm: sha1WithRSAEncryption    <--  Obtain an updated Alliance certificate.
Signature Algorithm: sha256WithRSAEncryption  <--  Expected value.
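As an added example (not from this article or from Carbon Black), the same check done in Python without shelling out to openssl: it reads the outer signatureAlgorithm OID straight out of the certificate (PEM, as stored at /etc/cb/certs/carbonblack-alliance-client.crt, or DER) and flags anything other than sha256WithRSAEncryption. The sample certificate is constructed: a valid outer structure around a dummy tbsCertificate and signature, so only the algorithm field is meaningful.

```python
import base64
import re
SIG_ALG_NAMES = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",     # RFC 3279
                 "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}  # RFC 4055
EXPECTED = "sha256WithRSAEncryption"            # the value the article expects to see

def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos -> (tag, contents, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long-form length: next n bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """OID content octets -> dotted string (first byte packs two arcs, rest base-128)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert):
    """Return the dotted OID of the outer signatureAlgorithm of a PEM or DER cert."""
    if cert.lstrip().startswith(b"-----BEGIN"):   # PEM: strip armour, base64-decode
        cert = base64.b64decode(b"".join(re.sub(rb"-----[^-]*-----", b"", cert).split()))
    tag, body, _ = _read_tlv(cert, 0)           # Certificate ::= SEQUENCE {
    _, _, pos = _read_tlv(body, 0)              #   tbsCertificate      (skipped)
    tag2, alg, _ = _read_tlv(body, pos)         #   signatureAlgorithm  SEQUENCE {
    tag3, oid, _ = _read_tlv(alg, 0)            #     algorithm OID, parameters } ... }
    if (tag, tag2, tag3) != (0x30, 0x30, 0x06):
        raise ValueError("not a DER-encoded X.509 Certificate")
    return _decode_oid(oid)

def needs_replacement(cert):
    """True unless signed with sha256WithRSAEncryption (unknown OIDs count as weak)."""
    return SIG_ALG_NAMES.get(signature_algorithm(cert)) != EXPECTED

# Constructed stand-in for the Alliance cert: real outer structure, dummy tbs and signature.
def _tlv(tag, contents):                        # short-form DER encoder (contents < 128 bytes)
    return bytes([tag, len(contents)]) + contents
def sample_cert(oid_content_octets):
    alg = _tlv(0x30, _tlv(0x06, oid_content_octets) + _tlv(0x05, b""))
    return _tlv(0x30, _tlv(0x30, _tlv(0x02, b"\x01")) + alg + _tlv(0x03, b"\x00\xaa"))

SHA1_OID = bytes.fromhex("2a864886f70d010105")      # 1.2.840.113549.1.1.5
SHA256_OID = bytes.fromhex("2a864886f70d01010b")    # 1.2.840.113549.1.1.11
```

On a real server, `needs_replacement(open("/etc/cb/certs/carbonblack-alliance-client.crt", "rb").read())` returning True corresponds to the 'sha1' result of the openssl command above.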
 

Environment

  • EDR Server: 7.7.2 and higher
  • EDR Container: 7.7.2 and higher
  • Operating Systems: CentOS/RHEL 7, CentOS/RHEL 8, Photon4

Resolution

The Alliance server certificate was recently updated to use the SHA256 algorithm for stronger security.
All new RPMs use SHA256 by default.
Existing customers can download the new RPM (version 1.0.4 or greater), which includes the updated Alliance certificate.

For EDR Containers:
1. Copy the new RPM into the existing running docker container using docker cp:

docker cp <new_license_rpm> <container_id>:/

2. Regenerate the Alliance Cert by following this process using the new RPM.

For on-prem EDR standalone servers and EDR cluster servers (both Primary and Minion):

Follow this process to regenerate and replace the Alliance Cert with a SHA256 version.

Confirm: Verify the new Alliance certificate is working by tailing /var/log/cb/coreservices/debug.log or /var/log/cb/enterprise/enterprise.log while running "Check New Feeds" on the Threat Intelligence page. CA_MD_TOO_WEAK errors should no longer appear in the logs now that the communication uses the stronger certificate.