Sec/User Mgmt: (Optional) Set Up Public Key Infrastructure (PKI) Authentication

Document created by RSA Information Design and Development on Apr 11, 2019
Version 1

Note: In 11.3 or later, PKI authentication can be used to access the NetWitness Platform UI.


PKI is an authentication method that allows users to access the NetWitness Platform User Interface (UI) using digital certificates.

The certificates are issued by a third-party Certificate Authority (CA) that is external to NetWitness Platform. The following categories of certificates are required for PKI authentication:

  • Trusted CA Certificates
  • User Certificate (issued by the CA)
  • NetWitness Server Certificate (private key and its certificate chain) - Optional

Trusted CA Certificates

Trusted CA certificates are a collection of certificates used by NetWitness Platform as trusted authorities to validate the certificate provided by the user. If the user does not have a certificate signed by one of these CA(s), the user cannot access the NetWitness Platform UI.

User Certificate

A user certificate is issued by a CA that is trusted by NetWitness and is used by the NetWitness Platform user to present the user identity. By default, user certificates are identified by most browsers. If the certificates are not displayed, you must import the certificates into the browser certificate store.

NetWitness Server Certificate (Optional)

A NetWitness Server certificate is issued by a trusted CA and is used by NetWitness Server to present its identity. If you access the NetWitness Platform UI using HTTPS, the certificate is displayed in the web browser.

NetWitness Platform PKI Authentication Workflow

The following workflow shows how the user can access NetWitness Platform using PKI authentication:

  1. The user accesses the NetWitness Platform UI using the web browser. For example, https://nw-host/login
  2. The user is prompted to select the user certificate.

Note: The certificate prompt appears differently depending on the browser.

  3. The user selects the certificate. The browser sends the selected certificate to the NetWitness Platform for authentication.
  4. If the authentication is successful, the NetWitness Platform authorizes the user based on the user groups configured on the Active Directory Server and External Role Mapping in NetWitness.
  5. If the authorization is successful, the user is logged into the NetWitness Platform.

Note: If the certificate validation fails, the user cannot access the NetWitness Platform.
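
The trust rule described under Trusted CA Certificates can be rehearsed offline with the openssl command line before a user certificate is relied on for login. This is an added example, not RSA code and not NetWitness Platform's own validation logic; the CA names, user names and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (constructed data): check whether a user certificate chains to
# the trusted CA bundle, mirroring the rule that only certificates signed by a
# trusted CA are accepted.

# make_ca DIR NAME: create a throwaway self-signed CA (NAME.key, NAME.pem).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_user_cert DIR CA USER: issue USER.pem signed by the CA named CA.
issue_user_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 7 -out "$1/$3.pem" 2>/dev/null
}

# chains_to_trusted BUNDLE CERT: exit 0 only if CERT validates against BUNDLE.
chains_to_trusted() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# precheck BUNDLE CERT: print the verdict together with the certificate subject.
precheck() {
  subject=$(openssl x509 -in "$2" -noout -subject)
  if chains_to_trusted "$1" "$2"; then
    echo "TRUSTED   $subject"
  else
    echo "REJECTED  $subject"
  fi
}

demo() {
  dir=$(mktemp -d) || return 1
  make_ca "$dir" corp-ca      # stands in for the trusted third-party CA
  make_ca "$dir" other-ca     # a CA that is NOT in the trusted bundle
  issue_user_cert "$dir" corp-ca alice
  issue_user_cert "$dir" other-ca bob
  cp "$dir/corp-ca.pem" "$dir/trusted-bundle.pem"
  precheck "$dir/trusted-bundle.pem" "$dir/alice.pem"   # signed by trusted CA
  precheck "$dir/trusted-bundle.pem" "$dir/bob.pem"     # signed by unknown CA
  rm -rf "$dir"
}

demo
```

With real files, only `chains_to_trusted` and `precheck` are needed: pass the PEM bundle of trusted CA certificates and the user's certificate.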
