This section describes how to enable FIPS in a Carbon Black EDR environment that is running on RHEL 8.

The Federal Information Processing Standard (FIPS) Publication 140-2 is a computer security standard that was developed by the U.S. Government and industry working groups to validate the quality of cryptographic modules. With the release of Carbon Black EDR Server 7.8.0, Carbon Black EDR can be installed and run on a FIPS-enabled RHEL 8.2, 8.6, 8.7, or 8.8 server.

Note:
  • With Carbon Black EDR Server release 7.8.0, Carbon Black EDR is shipping two versions of OpenResty: one that uses a non-FIPS compliant OpenSSL and one that uses a RHEL 8-provided FIPS-compliant OpenSSL.

    If you are upgrading from earlier versions of Carbon Black EDR Server, you must first upgrade to Carbon Black EDR 7.8.0 and fix all the certificates using the cbssl utility. Older certificates might not be compatible with OpenSSL 1.1.1 and must be regenerated. Certificate incompatibility can apply to legacy and custom certificates.

    After you have verified that all certificates are fixed, you can remove the old version of OpenResty and install a new version.

  • With Carbon Black EDR Server release 7.8.0, Carbon Black EDR has upgraded the RabbitMQ package to 3.10.20 for RHEL 8.