To facilitate a smooth migration process from the legacy OpenSSL version to the RHEL 8-provided OpenSSL version 1.1.1, Carbon Black EDR introduces a utility command called certs within the cbssl maintenance script that is located at /usr/share/cb. This addition helps to streamline the transition.
| Command | Action |
|---|---|
| commands | Displays a list of available commands. |
| backup | Creates a backup of Carbon Black EDR Server's SSL certificates, their private keys, and a list of revoked sensor-side certificates. |
| certs | Scans and regenerates Alliance, Client Certificate Authority, Redis Certificate Authority, Redis, Server Legacy, and Custom certificates. |
| restore | Specifies the input backup file from which to restore data. The file must have been previously created by using the backup command. |
| sensor_certs | Views and revokes client-side sensor certificates. |
| sso | Generates SAML 2.0 Service Provider metadata XML based on information in the SSO configuration file. |
| Option | Action |
|---|---|
-h, --help |
Shows help message. |
--scan |
Prints a list of certificates that are incompatible with OpenSSL version 1.1.1+ and Nginx version 1.21.4+, together with the incompatibility reason and steps to regenerate the certificates. |
--regenerate=CERT |
Regenerates the specified certificate, or provides steps to perform the regeneration. |
--list-criteria |
Lists the criteria by which certificates are deemed incompatible. |
-c CONFIG_FILE, --config=CONFIG_FILE |
Specifies the config file to use. If none is specified, the default file is /etc/cb/cb.conf. |
