Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000034669 - How to use a SHA256 certificate for the integration with Incident Management in RSA NetWitness Endpoint

Document created by RSA Customer Support

on Jan 13, 2017•Last modified by RSA Customer Support on Mar 17, 2018

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000034669
Applies To	RSA Product Set: RSA NetWitness Endpoint RSA Version/Condition: 4.2.x, 4.3.x, 4.4.x Platform: Windows
Issue	In the RSA NetWitness Endpoint 4.2 User Guide, a SHA1 certificate is used in the Incident Management integration instructions. Can a SHA2 / SHA256 certificate be used instead?
Resolution	A SHA256 certificate can be used for the RSA NetWitness Endpoint integration with Incident Management in the RSA NetWitness Platform. Adjust the Incident Management integration instructions in the RSA NetWitness Endpoint 4.2 User Guide by creating a SHA256 certificate on the RSA ECAT Primary ConsoleServer system. The modified create certificate command would be as follows: makecert.exe -pe -n "CN=ecat" -len 2048 -ss my -sr LocalMachine –a sha256 -sky exchange -eku 1.3.6.1.5.5.7.3.2 -in "EcatCA" -is MY –ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -cy end -sy 12 client256.cer This new client256.cer file can then be imported into the RSA ECAT Primary ConsoleServer system, and all the other integration instructions can be followed. Note: This change is for the certificate used when RSA NetWitness Endpoint communicates to Incident Management. The /var/lib/puppet/ssl/certs/ca.pem file on the RSA NetWitness Server (aka Security Analytics Server) which is used for the NetWitness Incident Management to NetWitness Endpoint communication is already a SHA256 certificate. Note: The above command example uses EcatCA, which is the CA issuer certificate common name for RSA NetWitness Endpoint 4.2.x and below. For new install of RSA NetWitness Endpoint 4.3.x and above, or if a new certificate was generated during the upgrade, the new CA issuer certificate common name is NweCA and the command above should be adjusted as needed.
Notes	For a description of where SHA256 fits within the SHA-2 family see this reference: https://en.wikipedia.org/wiki/SHA-2 It mentions, the SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256. The makecert.exe program can generate a certificate using the following hash functions: -a <algorithm> The signature's digest algorithm. <md5\|sha1\|sha256\|sha384\|sha512>. Default is 'sha1'

Attachments

Outcomes

0 Comments