This section describes the tasks you perform to use Carbon Black EDR certificate management features.
You have two opportunities to use server certificates other than the default legacy certificate:
- During server initial installation and configuration, you can substitute your own certificate for the one that would be created by default. See Substituting a Legacy Certificate during Server Installation.
- After the server is installed and configured, you can add certificates through the console. You can do this whether or not you supplied a new legacy certificate during installation. See Add Certificates through the Console.
When you have the certificates you intend to use in place, you can:
- Choose the validation methods that sensors use for certificates. See Choosing a Validation Option.
- Specify the certificate to use for each sensor group or specify the certificate to use for all sensor groups. See Assigning Certificates to Sensor Groups.
You can add certificates, change validation method, and change certificates assigned to sensor groups later, but implementing an initial certificate configuration as soon as possible may be more efficient and prevent disruptions in server-sensor communication.