EDR: Errors After Enabling EDR FIPS Mode on RHEL/CentOS 8.9

Environment

  • EDR Server: 7.8.0
  • RHEL/CentOS: 8.9

Symptoms

After adding the settings to enable FIPS mode on RHEL 8.9, the following errors appear:

/var/log/cb/datastore/debug.log:
Exception in cache update task
redis.clients.jedis.exceptions.JedisConnectionException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

/var/log/cb/redis/redis.log:
Error accepting a client connection: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown

Cause

  • According to the EDR Cluster Management Guide 7.8.0, "Carbon Black EDR Server 7.8.0 in FIPS mode is officially supported on RHEL 8.2, 8.6, 8.7, and 8.8." RHEL 8.9 is not on that list.

Resolution

 
  • OS FIPS plus EDR FIPS mode are supported on RHEL 8.2, 8.6, 8.7, and 8.8.
  • EDR 7.8.0 can be successfully installed on RHEL 8.9 (with or without OS FIPS enabled). Only EDR 7.8.0 FIPS mode cannot be enabled on RHEL 8.9.
  • The complete fix for EDR FIPS mode on RHEL 8.9 is expected in EDR 7.9.0, with an estimated release timeframe of the fourth quarter of 2024.

Additional Notes

  • RHEL 8.8 was released in May 2023, and EDR FIPS was tested and approved on it. RHEL 8.9 was released in Nov 2023, and development and testing are ongoing as of Mar 2024.
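
A triage check for the situation described above, as an added example that is not Carbon Black tooling: it reads the release from a redhat-release file, compares it with the supported list quoted under Cause, and counts the two TLS handshake errors from Symptoms. Function names and the /etc/redhat-release default are assumptions, and the sample files are constructed.

```bash
#!/bin/sh
# Added example, not vendor tooling. Function names are hypothetical.
# Supported list is the one quoted from the EDR Cluster Management Guide 7.8.0.
SUPPORTED_FIPS_RELEASES="8.2 8.6 8.7 8.8"

# Print major.minor from a redhat-release style file (assumed default path).
os_version() {
    sed -n 's/.*release \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' \
        "${1:-/etc/redhat-release}" 2>/dev/null
}

# Succeed only if the release is on the supported list for EDR 7.8.0 FIPS mode.
fips_supported() {
    case " $SUPPORTED_FIPS_RELEASES " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Count log lines carrying either TLS failure shown under Symptoms.
count_tls_failures() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -E 'PKIX path building failed|sslv3 alert certificate unknown' "$1" || true
}

# triage RELEASE_FILE LOG... : print one verdict line.
triage() {
    ver=$(os_version "$1"); shift
    hits=0
    for f in "$@"; do hits=$((hits + $(count_tls_failures "$f"))); done
    if fips_supported "$ver"; then state=supported
    elif [ "$hits" -gt 0 ]; then state=unsupported-with-symptoms
    else state=unsupported
    fi
    echo "$state: release $ver, tls_failures=$hits"
}

# Constructed sample files (log text copied from Symptoms) so this runs offline.
demo=$(mktemp -d)
echo 'Red Hat Enterprise Linux release 8.9 (Ootpa)' > "$demo/redhat-release"
printf '%s\n' 'Exception in cache update task' \
    'redis.clients.jedis.exceptions.JedisConnectionException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target' \
    > "$demo/debug.log"
echo 'Error accepting a client connection: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown' \
    > "$demo/redis.log"
triage "$demo/redhat-release" "$demo/debug.log" "$demo/redis.log"
```

On an EDR server, call `triage /etc/redhat-release /var/log/cb/datastore/debug.log /var/log/cb/redis/redis.log` with the log paths from Symptoms.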

Creation Date: 03-22-2024