000034669 - How to use a SHA256 certificate for the integration with Incident Management in RSA NetWitness Endpoint

Document created by RSA Customer Support Employee on Jan 13, 2017. Last modified by RSA Customer Support on Mar 17, 2018.
Version 3

Article Content

Article Number: 000034669
Applies To: RSA Product Set: RSA NetWitness Endpoint
RSA Version/Condition: 4.2.x, 4.3.x, 4.4.x
Platform: Windows
Issue: In the RSA NetWitness Endpoint 4.2 User Guide, a SHA1 certificate is used in the Incident Management integration instructions. Can a SHA2 / SHA256 certificate be used instead?
Resolution: A SHA256 certificate can be used for the RSA NetWitness Endpoint integration with Incident Management in the RSA NetWitness Platform.

Adjust the Incident Management integration instructions in the RSA NetWitness Endpoint 4.2 User Guide by creating a SHA256 certificate on the RSA ECAT Primary ConsoleServer system.

The modified create certificate command would be as follows:
makecert.exe -pe -n "CN=ecat" -len 2048 -ss my -sr LocalMachine -a sha256 -sky exchange -eku -in "EcatCA" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -cy end -sy 12 client256.cer

This new client256.cer file can then be imported into the RSA ECAT Primary ConsoleServer system, and all the other integration instructions can be followed.

Note: This change is for the certificate used when RSA NetWitness Endpoint communicates to Incident Management.
The /var/lib/puppet/ssl/certs/ca.pem file on the RSA NetWitness Server (aka Security Analytics Server) which is used for the NetWitness Incident Management to NetWitness Endpoint communication is already a SHA256 certificate.

Note: The above command example uses EcatCA, which is the CA issuer certificate common name for RSA NetWitness Endpoint 4.2.x and below. For new installs of RSA NetWitness Endpoint 4.3.x and above, or if a new certificate was generated during the upgrade, the CA issuer certificate common name is NweCA, and the -in "EcatCA" value in the command above should be adjusted accordingly.
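Before importing the new certificate, it is worth confirming that makecert actually produced what the integration needs: a SHA-2 signature (the default -a is sha1), a 2048-bit RSA key, the expected issuer (EcatCA or NweCA), and a private key present in the LocalMachine\My store. The following PowerShell check is an added example and is not part of the RSA article or the NetWitness Endpoint product; it assumes the certificate was written to .\client256.cer in the current directory (the path and the function name are the example's own choices).

```powershell
# Added example (not from the RSA article): verify a makecert-generated client certificate.
# Assumes client256.cer is in the current directory; adjust -Path as needed.

function Test-NweClientCertificate {
    param(
        [string]$Path = ".\client256.cer",
        # CA issuer CN: EcatCA for 4.2.x and below, NweCA for 4.3.x and above (per the note above)
        [string[]]$IssuerCNs = @("EcatCA", "NweCA")
    )

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (Resolve-Path $Path).Path

    # Signature digest: "-a sha256" yields sha256RSA; the makecert default ("-a sha1") yields sha1RSA.
    $sigAlg = $cert.SignatureAlgorithm.FriendlyName

    # RSA public key size; GetRSAPublicKey returns $null for non-RSA keys.
    $rsa     = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $keyBits = if ($rsa) { $rsa.KeySize } else { 0 }

    # SimpleName with forIssuer=$true returns just the issuer's CN value.
    $issuerCN = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $true)

    # The .cer file carries only the public half; the private key (-pe -ss my -sr LocalMachine)
    # lives in the LocalMachine\My store, so look the certificate up there by thumbprint.
    $stored = Get-ChildItem Cert:\LocalMachine\My -ErrorAction SilentlyContinue |
              Where-Object { $_.Thumbprint -eq $cert.Thumbprint }

    $findings = @()
    if ($sigAlg -notmatch '^sha(256|384|512)') {
        $findings += "Signature algorithm is '$sigAlg'; expected a SHA-2 algorithm (re-run makecert with -a sha256)."
    }
    if ($keyBits -lt 2048) {
        $findings += "RSA key size is $keyBits bits; the documented command uses -len 2048."
    }
    if ($IssuerCNs -notcontains $issuerCN) {
        $findings += "Issuer CN is '$issuerCN'; expected one of: $($IssuerCNs -join ', ')."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        $findings += "Certificate expired on $($cert.NotAfter)."
    }
    if (-not $stored) {
        $findings += "Certificate not found in Cert:\LocalMachine\My (check -ss my -sr LocalMachine)."
    } elseif (-not $stored.HasPrivateKey) {
        $findings += "Certificate is in LocalMachine\My but has no associated private key."
    }

    [pscustomobject]@{
        Subject            = $cert.Subject
        Issuer             = $cert.Issuer
        SignatureAlgorithm = $sigAlg
        KeySizeBits        = $keyBits
        NotAfter           = $cert.NotAfter
        Thumbprint         = $cert.Thumbprint
        InLocalMachineMy   = [bool]$stored
        Findings           = $findings
        Ok                 = ($findings.Count -eq 0)
    }
}

# Usage: run on the Primary ConsoleServer after the makecert command above.
Test-NweClientCertificate -Path .\client256.cer | Format-List
```

A result with Ok = True and SignatureAlgorithm = sha256RSA means the certificate can be imported as the article describes; a sha1RSA result indicates the -a switch was dropped or mistyped (for example, pasted with a typographic dash) and makecert fell back to its default.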

Notes: For a description of where SHA256 fits within the SHA-2 family, see this reference: https://en.wikipedia.org/wiki/SHA-2

It notes that the SHA-2 family consists of six hash functions with digests (hash values) of 224, 256, 384, or 512 bits:
SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.

The makecert.exe program can generate a certificate using the following hash functions:
-a   <algorithm>    The signature's digest algorithm.
                        <md5|sha1|sha256|sha384|sha512>.  Default is 'sha1'