000026885 - How to Replace Self-Signed SSL Certificates with CA Signed Certificates for Core Device Communication in RSA Security Analytics and RSA NetWitness.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000026885
Applies ToRSA Security Analytics
RSA NetWitness NextGen
RSA NetWitness Decoder
RSA NetWitness Log Decoder
RSA NetWitness Concentrator
RSA NetWitness Hybrid
RSA NetWitness Broker
IssueHow to Replace Self-Signed SSL Certificates with CA Signed Certificates for Core Device Communication in RSA Security Analytics and RSA NetWitness.
Private Key Enable Netwitness using third party PKI certificates.
Resolution

Client requirements may demand replacing the built in self-signed RSA PKI certificates with certificates that are trusted in their environment. Usually this is done to leverage an existing PKI and provide an additional level of trust. The default self-signed certificates are RSA 2048 bit key pairs is described in Appendix-A.

The attached document and instructions assumes NextGen 9.8 in which the NetWitness directory structure is /etc/netwitness/ng. If an older version 9.7 or earlier then you would substitute /etc/netwitness/9.0.

NotesThese instructions are for configuring a Decoder, Concentrator, Log Decoder, Hybrid or Broker.
Legacy Article IDa60120

Attachments

    Outcomes