EDR: How to use custom password-protected web certificates

Article ID: 285831

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

This article describes how to enable an on-prem EDR cluster to use a password-protected (encrypted) certificate and key file for the custom web UI.

Environment

  • EDR: 7.5.0 and Higher

Resolution

  1. Follow all directions to Customize the Web UI Port and Implement Custom Web UI Certificates.
  2. Modify /etc/cb/nginx/conf.d/cb.conf (or possibly /etc/cb/nginx/conf.d/cb.multihome.conf, if the cluster uses that configuration).
  3. Add a new ssl_password_file line above the existing certificate lines:
     Change:
     ssl_certificate /etc/cb/certs/[filename].crt;
     ssl_certificate_key /etc/cb/certs/[filename].key;

     to:
     ssl_password_file /etc/cb/certs/ssl_passwords.txt;
     ssl_certificate /etc/cb/certs/[filename].crt;
     ssl_certificate_key /etc/cb/certs/[filename].key;
  4. Create a new text file located at /etc/cb/certs/ssl_passwords.txt
  5. Enter the certificate password into the first line of the ssl_passwords.txt file.
  6. Restart the EDR cluster.
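
A check to run before the restart, as an added example that is not part of the original article or of Carbon Black tooling: it confirms that the first line of the password file decrypts the key and that the key matches the certificate. The function name check_cert_bundle and its return codes are assumptions made for this example, and it requires the openssl command-line tool.

```bash
#!/usr/bin/env bash
# Added example: pre-restart check of the files referenced in cb.conf.
# check_cert_bundle and its return codes are illustrative, not Carbon Black tooling.

# Usage: check_cert_bundle CRT KEY PASSFILE
# Returns 0 only if the first line of PASSFILE decrypts KEY and KEY matches CRT.
check_cert_bundle() {
    local crt=$1 key=$2 passfile=$3 f key_pub crt_pub

    for f in "$crt" "$key" "$passfile"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 2; }
    done

    # Show who can read the passphrase file (GNU stat; skipped elsewhere).
    stat -c 'INFO: %n mode=%a owner=%U' "$passfile" 2>/dev/null || true

    # An unencrypted key loads with any passphrase, so flag it explicitly.
    grep -q 'ENCRYPTED' "$key" ||
        echo "WARN: $key does not look passphrase-protected" >&2

    # openssl's file: source uses the first line of the file as the passphrase.
    key_pub=$(openssl pkey -in "$key" -passin "file:$passfile" -pubout 2>/dev/null) || {
        echo "FAIL: passphrase in $passfile does not decrypt $key" >&2; return 3; }

    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: $crt is not a readable PEM certificate" >&2; return 4; }

    # Same public key on both sides means the key belongs to the certificate.
    [ "$key_pub" = "$crt_pub" ] || {
        echo "FAIL: $key does not match $crt" >&2; return 5; }

    echo "OK: passphrase decrypts the key and the key matches the certificate"
}

# Run directly with three arguments: the .crt, the .key and ssl_passwords.txt.
if [ "$#" -eq 3 ]; then
    check_cert_bundle "$@"
fi
```

A non-zero return means the web UI would fail to load the key with the current files, so correct them before restarting the cluster.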

Additional Information

Ideally, the ssl_passwords.txt file should be created by user root. 644 permissions are fine. With 644, every local account on the server can read the passphrase.