000034571 - Issues setting up Bluecoat with FTPS on an RSA NetWitness Log Collector

Document created by RSA Customer Support Employee on Dec 29, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034571
Applies ToRSA Product Set: Security Analytics, NetWitness Logs and Packets
RSA Product/Service Type: Log Collector, Security Analytics Server
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
IssueWhile working on getting some Bluecoat devices to use FTPS you may discover that the original certificates issued on the Log Collector will not work.
ResolutionUse the Puppet CA (SA Server) to create a new certificate using the IP address as the CN.
Then have the puppet CA certificate added to the Bluecoat trusted certificate store.
You can then configure the Bluecoat to send the logs to the IP address that matches the certificate along with the proper user credentials.
NotesA blog post was written on the RSA NetWitness Suite community within RSA Link that explains further how to resolve this issue.