Before going into the details of scanning and regenerating certificates, it is essential to become familiar with the various types of certificates that Carbon Black EDR uses.
The following table defines key certificate types and their purposes in the Carbon Black EDR system.
| Certificate Name | Type | Usage |
|---|---|---|
| alliance | client-auth | Establishes a secure connection with the Carbon Black EDR Alliance Server. |
| legacy | server-auth | Default server certificate for secure communication between the sensor and server and between clients and the server. |
| client-ca | CA | Signs all client-side certificates for sensor-client identity authentication. |
| custom | server-auth | User-provided custom certificates that has two Subject Alternative Names (SANs) for secure communication between the sensor and server. |
| ui | server-auth | Establishes a secure connection for communication between clients and the server. |
| redis-ca | CA | Signs the Redis certificate. |
| redis | server-auth | Encrypts the Redis network communication in a cluster deployment. |
