Redis certificates are essential for enabling Redis network encryption in the Carbon Black EDR environment. This section provides the combined steps for regenerating both the Redis CA and Redis certificates. If the Redis CA is regenerated, the Redis certificates must also be regenerated accordingly.

Procedure

  1. Stop the Carbon Black EDR enterprise or cluster.
    Note: If RedisUseSSL is disabled, you do not need to stop the enterprise or cluster.
  2. Regenerate the Redis CA using one of the following options:
    • To generate a new Redis CA, run the following command:

      /usr/share/cb/cbssl certs --regenerate redis-ca

    • To use a custom certificate, provide the path to your certificate and key:

      /usr/share/cb/cbssl certs --regenerate redis-ca --redis-ca-cert-file <user_redis-ca_cert_file> --redis-ca-cert-key <user-redis-ca_cert_key>

  3. Regenerate the Redis certificate using one of the following options:
    • To generate a new Redis certificate, run the following command:

      /usr/share/cb/cbssl certs --regenerate redis

    • To use a custom certificate, provide the path to your certificate and key:

      /usr/share/cb/cbssl certs --regenerate redis --redis-cert-file <user_redis_cert_file> --redis-cert-key <user-redis_cert_key>

  4. If you have a Carbon Black EDR cluster deployment, you must synchronize the regenerated certificate across the cluster. Run the following command:

      /usr/share/cb/cbcluster sync-certs --cert redis

  5. Start the Carbon Black EDR enterprise or cluster.
    Note: If RedisUseSSL is disabled, you do not need to start the enterprise or cluster.
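
When the custom-certificate options in steps 2 and 3 are used, the Redis certificate must be issued by the Redis CA that is supplied, and each key must belong to its certificate. The following pre-flight check is an added example, not part of the product or its documentation. It assumes PEM-encoded files, unencrypted private keys and the openssl command-line tool on the server; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): consistency checks for custom Redis CA and
# Redis certificate files before they are handed to cbssl in steps 2 and 3.
# Assumes PEM files and unencrypted keys; all paths are supplied by the operator.

# True if the leaf certificate verifies against the given CA and nothing else.
chains_to_ca() {    # $1 = CA cert, $2 = leaf cert
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# True if the private key's public half equals the certificate's public key.
key_matches_cert() {    # $1 = cert, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate is still valid $2 seconds from now (default 0).
valid_for() {    # $1 = cert, $2 = seconds
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Run every check, report each failure, return non-zero if any check failed.
preflight() {    # $1 = CA cert, $2 = CA key, $3 = Redis cert, $4 = Redis key
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: CA key does not match CA cert"; rc=1; }
    key_matches_cert "$3" "$4" || { echo "FAIL: Redis key does not match Redis cert"; rc=1; }
    chains_to_ca "$1" "$3"     || { echo "FAIL: Redis cert not issued by this CA"; rc=1; }
    valid_for "$1" && valid_for "$3" || { echo "FAIL: a certificate has expired"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: files are consistent"
    return "$rc"
}

# Usage: sh preflight.sh <ca_cert> <ca_key> <redis_cert> <redis_key>
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```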