The RSA NetWitness Platform leverages an internal Root Certificate Authority (CA) to issue out certificates to individual services and components to enable secure communications. This Root CA has an expiration that is 5 years from the date of initial installation. If the Root CA is not updated prior to expiration, your system services will lose their ability to securely communicate resulting in a system-wide outage.
The Root CA certificate within the RSA NetWitness Platform is created on 1st installation and the default length is 5 years. Version upgrades (to include from 10.x to 11.x) do not currently change this expiration date. Any customer running the RSA NetWitness Platform more than 4 years are recommended to check their certificates.
To make this easier going forward, we are also planning to add expanded alerting capabilities within a future release to alert administrators of expiring certificates and automated certificate refreshes during upgrades. The above mentioned manual checks are expected to be temporary measures to mitigate potential outages.
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.