To regenerate the client certificate that Nginx uses for secure client-server communication, perform the following procedure.

For more information about cb.conf, see the Carbon Black EDR Server Configuration Guide.


  1. Generate and save a new certificate.
  2. Modify the SSLUICertFile and SSLUIKeyFile configurations in the /etc/cb/cb.conf file to point to the location where you saved the new certificate.
    • To use the Legacy certificate for this purpose, use the same crt and key values as the SSLCertFile and SSLKeyFile configurations in cb.conf.
    • If you are not using the default Carbon Black EDR certs path (/etc/cb/certs), verify that the cb user has explicit read permission for the new certificate.