
Export Connector Install: Configure SSL

Document created by RSA Information Design and Development Employee on Oct 15, 2020

Configure SSL

Note: When configuring Logstash, you may need to specify sensitive settings such as passwords. Rather than relying on file system permissions to protect these values, you can store them securely in the Logstash keystore and reference them in configuration settings. For more information, see the Logstash keystore documentation.

To support trusted connections, the Decoder or Log Decoder has two ports, an unencrypted non-SSL port and an encrypted SSL port. Trusted connections require the encrypted SSL port.

To establish a trusted connection between the Decoder or Log Decoder and Logstash, add the following parameters to the Logstash configuration file (netwitness-<decoder-ip>-input.conf) to enable SSL mode.

                                 
| Parameter | Setting | Parameter Type | Default Value |
|---|---|---|---|
| ssl_enable | Set the value to ‘true’ to enable SSL | Boolean | false |
| ssl_certificate_path | Enter the path of the Logstash keystore file. The keystore file must be in .p12 format | String | N/A |
| ssl_certificate_password | Enter the password of the keystore | String | N/A |

Certificate and Keystore

The NetWitness Export Connector must have a valid CA (Certificate Authority) certificate and a server certificate to establish a trusted connection with Decoders or Log Decoders.

Create a CA certificate

To create a CA certificate, do the following steps.

  1. SSH to the NW Logstash host.
  2. Change the directory to /root by running the following command.
    cd /root

  3. Create a private key of 2048 bits by running the following command.
    openssl genrsa -out CA-key.pem 2048

  4. Create a CA certificate by running the following command.
    openssl req -new -key CA-key.pem -x509 -days 1000 -out CA-cert.pem

Create Certificate Signing Request (CSR) and Keystore

Follow this procedure to create a CSR for the server and a keystore for the NetWitness Export Connector. You must submit the CSR to the Certificate Authority (CA) server to obtain a server certificate. Once the server certificate is created, the remaining steps package the private key and the signed certificate that must be uploaded to the Logstash keystore.

To create a CSR, do the following steps.

Note: You can skip to step 6 if you already have the PEM files available.

  1. SSH to the NW Logstash host.
  2. Change the directory to /root by running the following command.
    cd /root

  3. Create a private key of 2048 bits by running the following command.
    openssl genrsa -out server-key.pem 2048
  4. Create a CSR by running the following command.
    openssl req -new -key server-key.pem -out signingReq.csr
  5. Submit the CSR to the CA and get a signed server certificate by running the following command.
    openssl x509 -req -days 1000 -in signingReq.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out server-cert.pem
  6. Create a Keystore for the NetWitness Export Connector by running the following command.
    openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -certfile CA-cert.pem -out logstash-input-netwitness.p12
  7. Copy the /etc/pki/nw/trust/truststore.pem from the Decoder or Log Decoder to the Logstash host by running the following command.
    scp /etc/pki/nw/trust/truststore.pem <logstash ssh username>@<logstash destination directory path>
  8. Import truststore.pem from the Decoder or Log Decoder to the Logstash keystore (logstash-input-netwitness.p12) by running the following command.
    keytool -importcert -keystore logstash-input-netwitness.p12 -trustcacerts -alias nw-inter -file truststore.pem -storetype PKCS12

Note: truststore.pem is the same for all Decoders if Logstash is aggregating from the same NetWitness Platform setup. If Logstash is aggregating from two different NetWitness Platform setups, you must copy the truststore.pem for each Decoder.

  9. Copy the logstash-input-netwitness.p12 file to the /etc/logstash directory by running the following command.
    cp logstash-input-netwitness.p12 /etc/logstash
  10. Change the owner of logstash-input-netwitness.p12 to logstash by running the following command.
    chown logstash:logstash /etc/logstash/logstash-input-netwitness.p12

Note: You must use the same keystore "logstash-input-netwitness.p12" for all NetWitness Platform hosts that are integrated with Logstash.

  11. Connect to the Decoders to add the server-cert.pem to the trustpeer and caupload APIs by running the following commands. You can also use the REST API port to connect.
    curl -X POST --data-binary @server-cert.pem http://<logdecoder or decoder IP>:<logdecoder or decoder REST port>/sys/trustpeer
    curl -X POST --data-binary @server-cert.pem http://<logdecoder or decoder IP>:<logdecoder or decoder REST port>/sys/caupload

Note: If you are not able to use the REST API, follow the steps below to copy the certificates to the /sys peerCert and /sys caCert APIs using the NetWitness Platform CLI.
  1. SSH to Admin Server.
  2. Type "help" for a list of commands or "man" for a list of manual pages.
  3. Run the following command.
    login localhost:50002 <username> <password>
  4. Run the following commands.
    send /sys peerCert op=add --file-data=/root/server-cert.pem
    send /sys caCert op=add --file-data=/root/server-cert.pem

  12. Restart the Logstash service by running the following command.
    systemctl restart logstash

Note: If you are using an untrusted certificate, copy the truststore.pem file from the Decoder or Log Decoder and import it into <JAVA_HOME>/lib/security/cacerts so that the Logstash service trusts the CA certificate of the Decoder or Log Decoder. For example:
    keytool -importcert -file </path/to/file/>truststore.pem -keystore /usr/java/jdk-X.Y.Z/lib/security/cacerts -alias nw-core-cert -storepass <password>
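
The OpenSSL steps above prompt for the subject and the keystore password, and the procedure has no step that confirms the resulting keystore is consistent. The following added example (not part of the RSA documentation) runs steps 3 to 6 non-interactively in a scratch directory, then checks that the key matches the certificate, that the certificate verifies against the CA, and that the keystore opens and holds the server certificate. The subject names, the P12_PASS variable and all function names are assumptions made for the example.

```shell
# Added example: steps 3-6 run non-interactively, followed by consistency checks.
# Subject names, P12_PASS and all function names are constructed for this example.

# Build a throwaway CA, server certificate and PKCS#12 keystore in directory $1.
make_test_pki() (
    dir=$1
    umask 077    # key files and keystore are created owner-readable only
    openssl genrsa -out "$dir/CA-key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$dir/CA-key.pem" -x509 -days 1000 \
        -subj "/CN=Example Test CA" -out "$dir/CA-cert.pem" &&
    openssl genrsa -out "$dir/server-key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$dir/server-key.pem" \
        -subj "/CN=logstash.example.test" -out "$dir/signingReq.csr" &&
    openssl x509 -req -days 1000 -in "$dir/signingReq.csr" \
        -CA "$dir/CA-cert.pem" -CAkey "$dir/CA-key.pem" -CAcreateserial \
        -out "$dir/server-cert.pem" 2>/dev/null &&
    # env: keeps the keystore password out of the process list
    openssl pkcs12 -export -in "$dir/server-cert.pem" \
        -inkey "$dir/server-key.pem" -certfile "$dir/CA-cert.pem" \
        -passout env:P12_PASS -out "$dir/logstash-input-netwitness.p12"
)

# Succeeds when private key $1 belongs to certificate $2.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds when certificate $2 verifies against CA certificate $1.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Succeeds when keystore $1 opens with $P12_PASS and holds certificate $2.
p12_has_cert() {
    want=$(openssl x509 -in "$2" -noout -fingerprint -sha256 2>/dev/null) || return 1
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | grep -qxF "$want"
}

# Demo run in a scratch directory that is removed afterwards.
run_demo() {
    d=$(mktemp -d) || return 1
    P12_PASS='constructed-example-only'; export P12_PASS
    make_test_pki "$d" &&
        key_matches_cert "$d/server-key.pem" "$d/server-cert.pem" &&
        chain_ok "$d/CA-cert.pem" "$d/server-cert.pem" &&
        p12_has_cert "$d/logstash-input-netwitness.p12" "$d/server-cert.pem"
    rc=$?; rm -rf "$d"; return $rc
}
run_demo && echo "keystore checks passed"
```

On a real host, the three check functions can be pointed at the files created in /root and at /etc/logstash/logstash-input-netwitness.p12 before Logstash is restarted.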
