How to Use a Custom CA Certificate for Redis Authentication
Article ID: 376419

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

This article describes how to replace the Redis CA certificate and the Redis certificate on a Carbon Black EDR server with a CA certificate and certificate that you supply, so that Redis authentication uses your own CA.

Environment

  • Carbon Black EDR Server: 7.8.0 and higher

Resolution

  1. Back up the current Redis certificates.
     mkdir /etc/cb/certs/redis_backup && cp /etc/cb/certs/cb-redis* /etc/cb/certs/redis_backup
  2. Set the environment variable that allows cbssl to overwrite the existing Redis CA certificate with the supplied one.
     export FORCE_REGENERATION=redis-ca
  3. Create the Redis CA from your supplied CA certificate and key.
     /usr/share/cb/cbssl certs --regenerate redis-ca --redis-ca-cert-file <user_redis-ca_cert_file> --redis-ca-cert-key <user-redis-ca_cert_key>
  4. Set the environment variable again, this time for the Redis certificate.
     export FORCE_REGENERATION=redis
  5. Create the Redis certificate from your supplied certificate and key.
     /usr/share/cb/cbssl certs --regenerate redis --redis-cert-file <user_redis_cert_file> --redis-cert-key <user-redis_cert_key>
  6. Unset the environment variable so later cbssl runs cannot overwrite certificates by accident.
     unset FORCE_REGENERATION
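The steps above overwrite the server's Redis CA and certificate, so a mistyped file path or a key that does not belong to its certificate leaves Redis unable to start. The following script is an added example, not part of the article or of the cbssl tool: it wraps the six steps in shell functions and checks, before anything is regenerated, that each private key matches its certificate and that the Redis certificate is actually issued by the supplied CA (the article implies this relationship but does not state it, so that check is this example's assumption). The function names, the default paths and the backup directory are assumptions; the cbssl flags are the ones the article shows.

```shell
#!/bin/sh
# Added example (not from the Carbon Black article): pre-flight checks and a
# wrapper around the cbssl steps above. Function names, default paths and the
# assumption that the Redis certificate must be issued by the supplied CA are
# this example's own; the cbssl flags are the ones shown in the article.

# Step 1: copy the current cb-redis* files aside before anything is overwritten.
backup_redis_certs() {
    certs_dir=${1:-/etc/cb/certs}
    backup_dir=${2:-$certs_dir/redis_backup}
    mkdir -p "$backup_dir" || return 1
    cp "$certs_dir"/cb-redis* "$backup_dir"/ || return 1
}

# Does the private key belong to the certificate? Compare the public key
# embedded in the certificate with the one derived from the key file.
verify_cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Does the Redis certificate chain to the CA certificate being installed?
verify_cert_signed_by_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Steps 2-6 from the article, run only after the files pass the checks above.
# FORCE_REGENERATION is cleared again on every exit path.
regenerate_redis_certs() {
    ca_cert=$1 ca_key=$2 cert=$3 key=$4
    verify_cert_matches_key "$ca_cert" "$ca_key" ||
        { echo "CA certificate and key do not match" >&2; return 1; }
    verify_cert_matches_key "$cert" "$key" ||
        { echo "Redis certificate and key do not match" >&2; return 1; }
    verify_cert_signed_by_ca "$cert" "$ca_cert" ||
        { echo "Redis certificate is not issued by the supplied CA" >&2; return 1; }

    export FORCE_REGENERATION=redis-ca
    /usr/share/cb/cbssl certs --regenerate redis-ca \
        --redis-ca-cert-file "$ca_cert" --redis-ca-cert-key "$ca_key" ||
        { unset FORCE_REGENERATION; return 1; }
    export FORCE_REGENERATION=redis
    /usr/share/cb/cbssl certs --regenerate redis \
        --redis-cert-file "$cert" --redis-cert-key "$key" ||
        { unset FORCE_REGENERATION; return 1; }
    unset FORCE_REGENERATION
}

# Usage on the EDR server (as root), with your own file names:
#   . ./redis_ca_rotate.sh
#   backup_redis_certs && regenerate_redis_certs my-ca.crt my-ca.key my-redis.crt my-redis.key
```

The public-key comparison is deliberately used instead of comparing RSA moduli so the same check works for EC keys. Keep the backup directory until Redis has been confirmed to accept the new certificates; restoring is a matter of copying the cb-redis* files back and restarting the service.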


Additional Information

  • This CA certificate should be specific to the EDR instance, not a CA certificate shared with other environments.
  • Redis port 6379 must not be reachable from the internet. Redis should listen only on localhost; in clustered deployments the port should be open only between minions.
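A quick way to confirm the second point on a server is to look at the addresses Redis is listening on. The script below is an added example, not part of the article: it reads `ss -ltn` output and fails if any listener on port 6379 is bound to anything other than loopback or an address on an explicit allow-list (the internal interfaces used between minions). The function name and the sample output are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the Carbon Black article): audit where Redis listens.
# Pipe `ss -ltn` into check_redis_bind; an optional space-separated allow-list
# names the non-loopback addresses that are legitimate (minion interfaces).
check_redis_bind() {
    allowed=${1:-}
    awk -v allowed="$allowed" '
    BEGIN {
        bad = 0
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
        ok["127.0.0.1"] = 1; ok["[::1]"] = 1
    }
    $1 == "LISTEN" {
        addr = $4                          # Local Address:Port column of ss
        port = addr; sub(/.*:/, "", port)  # text after the last colon
        if (port != "6379") next
        host = addr; sub(/:[^:]*$/, "", host)
        if (!(host in ok)) { print "redis exposed on " addr; bad = 1 }
    }
    END { exit bad }'
}

# Constructed sample of `ss -ltn` output from a correctly configured host.
sample_ss_output() {
    printf '%s\n' \
        'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
        'LISTEN 0      511    127.0.0.1:6379     0.0.0.0:*' \
        'LISTEN 0      511    [::1]:6379         [::]:*' \
        'LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
}

# Live usage on the server:  ss -ltn | check_redis_bind "10.0.0.5 10.0.0.6"
```

Because the check only inspects bind addresses, it complements rather than replaces a host firewall rule; a listener on an internal interface still needs that interface restricted to the cluster members.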