PKI is an authentication method which allows the users to access the NetWitness Platform User Interface (UI) using digital certificates.
The certificates are issued by a Third-Party Certificate Authority (CA) which is external to NetWitness Platform. The following categories of certificates are required for PKI authentication:
- Trusted CA Certificates
- User Certificate (issued by the CA)
- NetWitness Server Certificate (private key and its certificate chain) - Optional
Trusted CA certificates are a collection of certificates used by NetWitness Platform as trusted authorities to validate the certificate provided by the user. If the user does not have a certificate signed by one of these CA(s), the user cannot access the NetWitness Platform UI.
A user certificate is issued by a CA that is trusted by NetWitness and is used by the NetWitness Platform user to present the user identity. By default, user certificates are identified by most browsers. If the certificates are not displayed, you must import the certificates into the browser certificates store.
A NetWitness Server certificate is issued by a trusted CA and is used by NetWitness Server to present its identity. If you access the NetWitness Platform UI using HTTPS, the certificate is displayed in the web browser.
NetWitness Platform PKI Authentication Workflow
The workflow of PKI authentication shows the following:
- Access the NetWitness Platform UI using the web browser. For example, https://nw-host/login.
- The user is prompted to select the user certificate.
- The user selects the certificate. The browser sends the selected certificate to the NetWitness Platform for authentication.
- If the authentication is successful, the NetWitness Platform authorizes the user based on the user groups configured on the Active Directory Server and External Role Mapping in NetWitness.
- If the authorization is successful, the user is logged into the NetWitness Platform.