This section describes how to enable FIPS in a Carbon Black EDR environment that is running on RHEL 8.
The Federal Information Processing Standard (FIPS) Publication 140-2 is a computer security standard that was developed by the U.S. Government and industry working groups to validate the quality of cryptographic modules. With the release of Carbon Black EDR Server 7.8.0, Carbon Black EDR can be installed and run on a FIPS-enabled RHEL 8.2, 8.6, 8.7, or 8.8 server.
-
With Carbon Black EDR Server release 7.8.0, Carbon Black EDR is shipping two versions of OpenResty: one that uses a non-FIPS compliant
OpenSSLand one that uses a RHEL 8-provided FIPS-compliantOpenSSL.If you are upgrading from earlier versions of Carbon Black EDR Server, you must first upgrade to Carbon Black EDR 7.8.0 and fix all the certificates using the
cbsslutility. Older certificates might not be compatible withOpenSSL1.1.1 and must be regenerated. Certificate incompatibility can apply to legacy and custom certificates.After you have verified that all certificates are fixed, you can remove the old version of
OpenRestyand install a new version. -
With Carbon Black EDR Server release 7.8.0, Carbon Black EDR has upgraded the RabbitMQ package to 3.10.20 for RHEL 8.
