This topic describes how to enable FIPS in Solr. The configuration changes and cryptographic module requirements ensure that Solr operates in a FIPS-compliant manner. By enabling FIPS in Solr, you can strengthen the security of your Carbon Black EDR deployment and meet the compliance needs of your organization.
For more information about cb.conf, see the Carbon Black EDR Server Configuration Guide.
Procedure
- Configure the following value in the cb.conf file after enabling FIPS mode on RHEL 8.2, 8.6, 8.7, or 8.8. Set the following attribute in cb.conf before starting Carbon Black EDR Server.
- The default value is False.
- Set this value to True to run Carbon Black EDR Server in FIPS mode.
- Set this attribute to the same value on all primary and minion nodes in a cluster environment. When adding nodes to a cluster, this attribute is automatically applied to newly added minion nodes. To convert an existing clustered environment to FIPS, set EnableFips=True on all cluster nodes.
When EnableFips=True, Carbon Black EDR automatically creates the required keystore and certificate. The certificate is based on the keystore. The keystore and certificate are created in the /etc/cb/certs/ location. This path is not configurable because the Solr service uses the path internally.
- After configuring the preceding attribute in cb.conf, start the Carbon Black EDR Server:
For standalone systems:
/usr/share/cb/cbservice cb-enterprise start
For clustered systems:
/usr/share/cb/cbcluster start
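
A pre-start check for the procedure above, added here as an example and not taken from the Carbon Black documentation or product. It assumes cb.conf is at /etc/cb/cb.conf with Key=Value lines where the last assignment wins, and that the kernel reports FIPS state in /proc/sys/crypto/fips_enabled; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: confirm the OS FIPS state and the EnableFips setting agree
# before starting the server. Paths and parsing rules are assumptions.

# Print the effective EnableFips value from a cb.conf-style file.
# Commented-out lines are ignored; the last assignment is used (assumption).
# If the attribute is absent, print the documented default, False.
get_enable_fips() {
    local conf="$1" val
    val=$(sed -n 's/^[[:space:]]*EnableFips[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$conf" | tail -n 1)
    printf '%s\n' "${val:-False}"
}

# Return codes:
#   0 = EnableFips=True and the OS is in FIPS mode
#   1 = EnableFips is not True (server would not run in FIPS mode)
#   2 = EnableFips=True but the OS is not in FIPS mode
#   3 = cb.conf is not readable
check_fips_ready() {
    local conf="${1:-/etc/cb/cb.conf}"                      # assumed default path
    local kernel_flag="${2:-/proc/sys/crypto/fips_enabled}"  # 1 when FIPS is on
    local want

    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 3; }

    want=$(get_enable_fips "$conf")
    # Compare against the exact spelling shown in the procedure.
    if [ "$want" != "True" ]; then
        echo "EnableFips=$want in $conf: server will not run in FIPS mode" >&2
        return 1
    fi

    if [ "$(cat "$kernel_flag" 2>/dev/null)" != "1" ]; then
        echo "EnableFips=True but OS FIPS mode is off ($kernel_flag)" >&2
        return 2
    fi

    echo "OK: OS FIPS mode is on and EnableFips=True in $conf"
}

# Usage on a standalone node:
#   check_fips_ready && /usr/share/cb/cbservice cb-enterprise start
```

In a cluster, run the check on every primary and minion node before starting, since the attribute must match on all of them.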