|Applies To||This article applies to customers who have upgraded RSA NetWitness Platform appliances from older versions of 10.x to 11.x.|
|Issue||Customers that have upgraded their RSA NetWitness Platform appliances from older versions of 10.x to version 11.x may have internal RSA-issued security certificates that are close to expiring or which have already expired.|
|Cause||When upgrading the RSA NetWitness Platform from 10.6.x to 11.x, the older Certificate Authority (CA) along with other internal security certificates are still in use, even though the original expiration dates of these certificates were not updated and may be close to their expiration date.|
|Workaround||To determine if the systems may have internal RSA NetWitness Platform security certificates that are about to expire or already expired, perform the following tasks:|
1. Download the ca-expire-test.sh script from this article.
2. Using any available file transfer software (FileZilla, WinSCP, etc.), upload the ca-expire-test.sh script to the NetWitness UI server.
3. Once the file is uploaded, go to the location where the file is uploaded and change the permissions to allow it to be executed.
4. Next run the certification test on the NetWitness server.
5. If ran successfully, the following output will be displayed. The highlighted number below will be the number of days until the certificates are due to expire.
6. The number of days from the previous step provides an indicator of how much time remains before the certificates must be re-issued. If the days indicated by the re-issue date are less than 30 days. Please contact RSA Netwitness Support to help with the re-issue process.