RSA recommends that RSA NetWitness Platform administrators verify their certificates

Document created by RSA Product Team Employee on Sep 26, 2019Last modified by RSA Product Team Employee on Sep 26, 2019
Version 2Show Document
  • View in full screen mode

The RSA NetWitness Platform leverages an internal Root Certificate Authority (CA) to issue out certificates to individual services and components to enable secure communications. This Root CA has an expiration that is 5 years from the date of initial installation. If the Root CA is not updated prior to expiration, your system services will lose their ability to securely communicate resulting in a system-wide outage.


Customers Impacted

The Root CA certificate within the RSA NetWitness Platform is created on 1st installation and the default length is 5 years. Version upgrades (to include from 10.x to 11.x) do not currently change this expiration date. Any customer running the RSA NetWitness Platform more than 4 years are recommended to check their certificates. 


Recommended Actions


To make this easier going forward, we are also planning to add expanded alerting capabilities within a future release to alert administrators of expiring certificates and automated certificate refreshes during upgrades.   The above mentioned manual checks are expected to be temporary measures to mitigate potential outages.


EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.