000038001 - Re-issuing security certificates on version 11.x of the RSA NetWitness Platform

Document created by RSA Customer Support Employee on Sep 26, 2019Last modified by RSA Customer Support Employee on Sep 26, 2019
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000038001
Applies ToThis article applies to customers who have upgraded RSA NetWitness Platform appliances from older versions of 10.x to 11.x.
IssueCustomers that have upgraded their RSA NetWitness Platform appliances from older versions of 10.x to version 11.x may have internal RSA-issued security certificates that are close to expiring or which have already expired.
CauseWhen upgrading the RSA NetWitness Platform from 10.6.x to 11.x, the older Certificate Authority (CA) along with other internal security certificates are still in use, even though the original expiration dates of these certificates were not updated and may be close to their expiration date.
WorkaroundTo determine if the systems may have internal RSA NetWitness Platform security certificates that are about to expire or already expired, perform the following tasks:

1. Download the ca-expire-test.sh script from this article.

2. Using any available file transfer software (FileZilla, WinSCP, etc.), upload the ca-expire-test.sh script to the NetWitness UI server.

3. Once the file is uploaded, go to the location where the file is uploaded and change the permissions to allow it to be executed.

# chmod +x ca-expire-test.sh


4. Next run the certification test on the NetWitness server.

# ./ca-expire-test.sh --version 11.x


5. If ran successfully, the following output will be displayed. The highlighted number below will be the number of days until the certificates are due to expire.

The NW Platform CA Certificate will expire on:  Jun 21 14:33:51 2029 GMT
The NW SSCA will expire on:                     Jun 21 14:36:06 2029 GMT
The NW Node Certificate will expire on:         Mar 20 14:37:11 2022 GMT

#########################################################

You must re-issue certificate within 905 days

#########################################################


6. The number of days from the previous step provides an indicator of how much time remains before the certificates must be re-issued. If the days indicated by the re-issue date are less than 30 days. Please contact RSA Netwitness Support to help with the re-issue process.

 

Attachments

Outcomes