If you are an existing Carbon Black EDR customer and want to migrate to RHEL 8 FIPS, you must update the license file. The new license file has the SHA-256 certificates that work in a FIPS-enabled environment.

This path is designed for users who are currently running Carbon Black EDR on RHEL 8 without FIPS mode enabled.

Prerequisites

Contact Carbon Black EDR Technical Support and request a FIPS-compatible license file.

Procedure

  1. Upgrade the Carbon Black EDR Server to 7.8.0. See Upgrading a Server.
  2. Follow the instructions in Migration from Legacy to System OpenSSL on EL 8.
    Note: This step is essential to ensure that the certificates used by Carbon Black EDR are compatible with RHEL 8 FIPS mode.
  3. Enable FIPS mode on the required machines at the OS level. See Enable FIPS Mode on a RHEL 8 Machine.
    Note: If you have a cluster deployment, perform this step on all nodes. Do not reboot the machines until after you have performed Step 4.
  4. Enable FIPS in Solr for Carbon Black EDR. See Solr FIPS.
    Note: If you have a cluster deployment, perform this step on all nodes. If you have already added a node as a non-root user, you must update the sudoers file. See Required User Privileges.