EDR: How to use custom password-protected web certificates

Environment

  • EDR: 7.5.0 and Higher

Objective

To enable an on-prem EDR cluster to use a password-protected (encrypted) cert and key file for the custom web UI. 

Resolution

  1. Follow all directions to Customize the Web UI Port and Implement Custom Web UI Certificates.
  2. Modify /etc/cb/nginx/conf.d/cb.conf (or possibly the /etc/cb/nginx/conf.d/cb.multihome.conf file if the cluster uses that configuration).
  3. Add a new ssl_password_file line above the existing certificate lines.

     Change:

         ssl_certificate /etc/cb/certs/[filename].crt;
         ssl_certificate_key /etc/cb/certs/[filename].key;

     to:

         ssl_password_file /etc/cb/certs/ssl_passwords.txt;
         ssl_certificate /etc/cb/certs/[filename].crt;
         ssl_certificate_key /etc/cb/certs/[filename].key;

  4. Create a new text file located at /etc/cb/certs/ssl_passwords.txt.
  5. Enter the certificate password into the first line of the ssl_passwords.txt file.
  6. Restart the EDR cluster.

Additional Notes

Ideally, the ssl_passwords.txt file should be created by the root user. Permissions of 644 are fine.
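
A pre-restart check for the Resolution steps and the permissions note above, added here as an example and not part of the original article or the product. It reads the key and password-file paths from the nginx conf, confirms the first line of the password file is non-empty, tests it against the key with openssl when openssl is installed, and reports whether the password file is readable by every local account (which mode 644 allows); the function names are hypothetical.

```sh
#!/bin/sh
# Added example (hypothetical helper names); not VMware/Carbon Black code.

# Print the first argument of nginx directive $2 as set in conf file $1.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([^;[:space:]]*\)[[:space:]]*;.*/\1/p" "$1" | head -n 1
}

# Succeed if PEM key file $1 is passphrase-protected (PKCS#8 or traditional).
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Succeed if file $1 has the "other read" bit set (true for mode 644).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Return 0 if the conf, key and password file are consistent; print findings.
check_cb_ssl_password_setup() {
    conf=$1; rc=0
    pw=$(conf_value "$conf" ssl_password_file)
    key=$(conf_value "$conf" ssl_certificate_key)
    [ -n "$pw" ]  || { echo "FAIL: no ssl_password_file in $conf"; return 1; }
    [ -n "$key" ] || { echo "FAIL: no ssl_certificate_key in $conf"; return 1; }
    [ -r "$key" ] || { echo "FAIL: cannot read key file $key"; return 1; }
    if [ ! -s "$pw" ] || [ -z "$(head -n 1 "$pw")" ]; then
        echo "FAIL: $pw is missing or its first line is empty"; return 1
    fi
    if ! key_is_encrypted "$key"; then
        echo "WARN: $key is not encrypted, so ssl_password_file is not needed"
    elif command -v openssl >/dev/null 2>&1; then
        # -passin file: takes the passphrase from the first line of the file.
        openssl pkey -in "$key" -passin "file:$pw" -noout 2>/dev/null \
            || { echo "FAIL: passphrase in $pw does not decrypt $key"; rc=1; }
    fi
    if world_readable "$pw"; then
        echo "NOTE: $pw is readable by every local account"
    fi
    return $rc
}
```

Run `check_cb_ssl_password_setup /etc/cb/nginx/conf.d/cb.conf` (or the cb.multihome.conf path) as root before restarting the cluster; a non-zero exit means the web UI would fail to load its key.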

Article Information

Creation Date: 08-10-2021