000026885 - How to replace self-signed SSL certificates with CA signed certificates for core device communication in RSA Security Analytics and RSA NetWitness

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jan 30, 2019
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000026885
Applies ToRSA Product Set: NetWitness Platform
Issue
  • How to replace self-signed SSL certificates with CA signed certificates for core device communication in RSA Security Analytics and RSA NetWitness.
  • Private Key Enable NetWitness using third party PKI certificates.
Resolution

Client requirements may demand replacing the built in self-signed RSA PKI certificates with certificates that are trusted in their environment. Usually this is done to leverage an existing PKI and provide an additional level of trust. The default self-signed certificates are RSA 2048 bit key pairs is described in Appendix-A.



The document attached below and the instructions assumes NextGen 9.8 in which the NetWitness directory structure is /etc/netwitness/ng. If an older version 9.7 or earlier then you would substitute /etc/netwitness/9.0.

NotesThese instructions are for configuring a Decoder, Concentrator, Log Decoder, Hybrid or Broker.
Legacy Article IDa60120

Attachments

Outcomes