|Applies To||RSA Product Set: RSA NetWitness Endpoint|
RSA Version/Condition: 4.2.x
|Issue||The NetWitness Endpoint 4.2 User Guide, Incident Management Integration uses a sha1 certificate. Can a sha256 certificate be used instead?|
|Resolution||A sha256 certificate can be used for the NetWitness Endpoint integration with NetWitness Incident Management.|
Follow the Incident Management Integration instructions in the NetWitness Endpoint 4.2 User Guide, but create a sha256 certificate on the ECAT Primary ConsoleServer system instead of the sha1 certificate.
The modified certificate creation command is:
makecert.exe -pe -n "CN=ecat" -len 2048 -ss my -sr LocalMachine -a sha256 -sky exchange -eku 1.3.6.1.5.5.7.3.2 -in "EcatCA" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -cy end -sy 12 client256.cer
This new client256.cer file can then be imported into the ECAT Primary ConsoleServer system, and all the other integration instructions can be followed.
Note: This change is for the certificate used when NetWitness Endpoint communicates with NetWitness Incident Management.
The NetWitness SA Server /var/lib/puppet/ssl/certs/ca.pem file, which is used for the NetWitness Incident Management to NetWitness Endpoint communication, is already a sha256 certificate.
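Before continuing with the integration steps, it is worth confirming that client256.cer really carries a SHA-256 signature and the properties requested on the makecert command line. The PowerShell check below is an added example, not part of the RSA guide; the file location in $CertPath and the expectation that the issuer name contains CN=EcatCA are assumptions.

```powershell
# Added example: verify the certificate produced by the makecert command above.
# $CertPath is an assumed location; point it at the client256.cer that was written.
$CertPath = 'C:\ECAT\client256.cer'

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath

# Collect the EKU OIDs on the certificate (empty if there is no EKU extension).
$ekuOids = @($cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value })

# Returns $null when the public key is not RSA.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

# The copy that makecert placed in LocalMachine\My (-ss my -sr LocalMachine).
$inStore = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }

$checks = [ordered]@{
    'Subject is CN=ecat'                = ($cert.Subject -eq 'CN=ecat')
    # Assumption: the issuing CA certificate's subject contains CN=EcatCA.
    'Issuer contains CN=EcatCA'         = ($cert.Issuer -like '*CN=EcatCA*')
    # 1.2.840.113549.1.1.11 = sha256WithRSAEncryption; sha1RSA would be ...1.1.5
    'Signature algorithm is sha256RSA'  = ($cert.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.11')
    'RSA key is at least 2048 bits'     = ($rsa -and $rsa.KeySize -ge 2048)
    # 1.3.6.1.5.5.7.3.2 = Client Authentication EKU
    'EKU includes Client Authentication' = ($ekuOids -contains '1.3.6.1.5.5.7.3.2')
    'In LocalMachine\My with private key' = ($inStore -and $inStore.HasPrivateKey)
}

$failed = $false
foreach ($name in $checks.Keys) {
    $ok = [bool]$checks[$name]
    '{0,-40} {1}' -f $name, $(if ($ok) { 'OK' } else { 'FAIL' })
    if (-not $ok) { $failed = $true }
}

'Signature algorithm reported: {0}' -f $cert.SignatureAlgorithm.FriendlyName
if ($failed) {
    Write-Error 'client256.cer does not match the expected properties; recreate it before importing.'
}
```

Run it from an elevated PowerShell session so the LocalMachine store and its private key are visible.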