Applies To:
RSA Product Set: RSA NetWitness Endpoint
RSA Version/Condition: 4.2.x, 4.3.x, 4.4.x
Issue:
In the RSA NetWitness Endpoint 4.2 User Guide, a SHA1 certificate is used in the Incident Management integration instructions. Can a SHA2 / SHA256 certificate be used instead?
Resolution:
A SHA256 certificate can be used for the RSA NetWitness Endpoint integration with Incident Management in the RSA NetWitness Platform.
Adjust the Incident Management integration instructions in the RSA NetWitness Endpoint 4.2 User Guide by creating a SHA256 certificate on the RSA ECAT Primary ConsoleServer system. The modified certificate creation command is as follows, where -a sha256 selects the SHA-256 signature digest and -eku 1.3.6.1.5.5.7.3.2 is the Client Authentication enhanced key usage OID:

```
makecert.exe -pe -n "CN=ecat" -len 2048 -ss my -sr LocalMachine -a sha256 -sky exchange -eku 1.3.6.1.5.5.7.3.2 -in "EcatCA" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -cy end -sy 12 client256.cer
```

The resulting client256.cer file can then be imported into the RSA ECAT Primary ConsoleServer system, and all the other integration instructions can be followed as written.
Note: This change applies only to the certificate used when RSA NetWitness Endpoint communicates with Incident Management.
Note: The command above uses EcatCA, which is the CA issuer certificate common name for RSA NetWitness Endpoint 4.2.x and earlier. For new installs of RSA NetWitness Endpoint 4.3.x and later, or if a new certificate was generated during the upgrade, the CA issuer certificate common name is NweCA, and the -in "EcatCA" value in the command above should be changed accordingly.
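After running makecert.exe, it is worth confirming that the certificate actually has the properties the command asked for before importing it. The following PowerShell check is an added example, not part of the RSA article or the product; it assumes the output file name client256.cer, the issuer common names EcatCA (4.2.x) and NweCA (4.3.x and later), and the Client Authentication EKU OID 1.3.6.1.5.5.7.3.2 from the command above, and that it runs on the ConsoleServer where the private key was stored in LocalMachine\My.

```powershell
# Added verification script (not from the RSA KB article). Assumptions: run on the
# ConsoleServer after makecert.exe; file name and issuer CNs follow the article's
# examples and can be overridden with the parameters below.
param(
    [string]$CertPath = ".\client256.cer",
    [string[]]$ExpectedIssuers = @("CN=EcatCA", "CN=NweCA")
)

$ClientAuthOid = "1.3.6.1.5.5.7.3.2"   # id-kp-clientAuth, the value passed to -eku

function Test-NweClientCert {
    param([string]$Path, [string[]]$Issuers)

    $full = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full
    $problems = @()

    # -a sha256: the signature digest must be SHA-256, not makecert's SHA-1 default.
    if ($cert.SignatureAlgorithm.FriendlyName -ne "sha256RSA") {
        $problems += "Signature algorithm is '$($cert.SignatureAlgorithm.FriendlyName)', expected sha256RSA"
    }
    # -len 2048: reject shorter RSA keys.
    $keySize = $cert.PublicKey.Key.KeySize
    if ($keySize -lt 2048) { $problems += "RSA key size is $keySize bits, expected at least 2048" }

    # -in "EcatCA" / "NweCA": the issuer must be the NetWitness Endpoint CA.
    if ($Issuers -notcontains $cert.Issuer) {
        $problems += "Issuer is '$($cert.Issuer)', expected one of: $($Issuers -join ', ')"
    }
    # -eku: the Enhanced Key Usage extension must include Client Authentication.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    if ($ekuOids -notcontains $ClientAuthOid) {
        $problems += "Enhanced Key Usage lacks Client Authentication ($ClientAuthOid)"
    }
    # -ss my -sr LocalMachine: the .cer carries no private key, so check the store copy.
    $stored = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if (-not $stored -or -not $stored.HasPrivateKey) {
        $problems += "No private key for thumbprint $($cert.Thumbprint) in Cert:\LocalMachine\My"
    }
    return $problems
}

$issues = @(Test-NweClientCert -Path $CertPath -Issuers $ExpectedIssuers)
if ($issues.Count -eq 0) {
    Write-Output "OK: $CertPath is a SHA-256 client-authentication certificate from the expected CA"
} else {
    $issues | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

A non-zero exit with warnings means the certificate should be regenerated rather than imported; the most common finding is sha1RSA, which indicates the -a sha256 switch was omitted.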
Notes:
For a description of where SHA256 fits within the SHA-2 family, see https://en.wikipedia.org/wiki/SHA-2. It notes that the SHA-2 family consists of six hash functions with digests (hash values) of 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256.
The makecert.exe program can sign a certificate with any of the following hash functions, selected with its -a option (from the makecert.exe help text):

```
-a <algorithm>   The signature's digest algorithm.
                 <md5|sha1|sha256|sha384|sha512>. Default is 'sha1'
```

Because the default is sha1, omitting -a from the command reproduces the SHA1 certificate from the User Guide; -a sha256 must be present to obtain a SHA256 certificate.