000026883 - How to enable SSL on an RSA NetWitness NextGen appliance

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000026883
Applies ToRSA NetWitness NextGen
RSA NetWitness Decoder
RSA NetWitness Log Decoder
RSA NetWitness Concentrator
RSA NetWitness Hybrid
RSA NetWitness Broker
RSA NetWitness Investigator
RSA NetWitness Administrator
IssueHow to enable SSL on an RSA NetWitness NextGen appliance.
Resolution

There are several essential steps to the process. Please be warned that this may have a significant performance impact.   (See the note below)

  1. Enable SSL communication in the service properties using the RSA NetWitness Administrator thick client.
    1. Double-click on the appliance service.
    2. Clicking on the System tab in the upper-right corner.
    3. Click on the Edit Properties button in the upper-left corner.
    4. Double-click on the value for SSL (which should be defined as off) and replace it with on.
    5. Click OK.
    6. Repeat the steps above for all other appropriate services on the appliance.
  2. Restart the services after making the changes in Step 1 for all relevant services.
  3. In NetWitness Administrator, edit the settings for each connection in the left-hand pane and select the Use SSL option and reconnect to your devices.
  4. In NetWitness Administrator, connect to any Brokers or Decoders that will be connected to Concentrators or Decoders and on the device's dashboard take each connected device offline and edit it's properties to use an SSL connection (unless you elect to NOT encrypt traffic between your appliances in which case follow the steps outlined in the knowledgebase article How to allow non-SSL to SSL communications between RSA NetWitness appliances).
  5. In NetWitness Investigator, edit the settings for each connection in the left-hand pane and select the Use SSL option.

After following the steps above, SSL will be successfully enabled on the appliance.

 

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

NotesNote (versions prior to 9.5.5.10):   
Encrypting traffic between appliances (as opposed to encrypting management between appliances and NetWitness Administrator and/or NetWitness Investigator) will place a heavy, sustained load on the system above and beyond any load it is currently experiencing.  This is not recommended unless you have adequately mapped performance/impact beforehand.  SSL performance has been markedly improved in NextGen 9.5.5.10, though there will still be some performance impact.
To enable SSL on an RSA Security Analytics appliance, refer to the knowledgebase article How to enable SSL communications in RSA Security Analytics.
Legacy Article IDa58709

Attachments

    Outcomes