000034669 - How to use sha256 certificate for the integration with NetWitness Incident Management

Document created by RSA Customer Support Employee on Jan 13, 2017
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000034669
Applies To: RSA Product Set: RSA NetWitness Endpoint
RSA Version/Condition: 4.2.x
Platform: Windows
Issue: The NetWitness Endpoint 4.2 User Guide, Incident Management Integration uses a sha1 certificate. Can a sha256 certificate be used instead?
Resolution: A sha256 certificate can be used for the NetWitness Endpoint integration with NetWitness Incident Management.
Modify the NetWitness Endpoint 4.2 User Guide, Incident Management Integration instructions by creating a sha256 certificate on the ECAT Primary ConsoleServer system.
The modified create certificate command is:
makecert.exe -pe -n "CN=ecat" -len 2048 -ss my -sr LocalMachine -a sha256 -sky exchange -eku 1.3.6.1.5.5.7.3.2 -in "EcatCA" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -cy end -sy 12 client256.cer
This new client256.cer file can then be imported into the ECAT Primary ConsoleServer system, and all the other integration instructions can be followed.
Note: This change is for the certificate used when NetWitness Endpoint communicates with NetWitness Incident Management.
The NetWitness SA Server /var/lib/puppet/ssl/certs/ca.pem file, which is used for the NetWitness Incident Management to NetWitness Endpoint communication, is already a sha256 certificate.
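
One way to confirm that the generated certificate matches the switches in the command above before continuing with the integration steps. This is an added PowerShell example, not part of the original RSA article; it assumes client256.cer is in the current directory and that the EcatCA certificate's subject contains CN=EcatCA.

```powershell
# Added example: verify client256.cer against the makecert switches in this article.
# Assumptions: the file is in the current directory; the CA subject contains CN=EcatCA.
$path = Join-Path (Get-Location).Path 'client256.cer'
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

# Collect the Enhanced Key Usage OIDs carried by the certificate (-eku).
$ekuOids = @($cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value })

# makecert -ss my -sr LocalMachine -pe should have left a copy, with its
# private key, in the LocalMachine\My store. Match it by thumbprint.
$inStore = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }

# 1.2.840.113549.1.1.11 is the OID for sha256RSA; comparing the OID avoids
# depending on the localized friendly name.
$checks = [ordered]@{
    'Signed with sha256RSA (-a sha256)'         = $cert.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.11'
    'RSA key is 2048 bits (-len 2048)'          = $cert.PublicKey.Key.KeySize -eq 2048
    'Subject is CN=ecat (-n)'                   = $cert.Subject -eq 'CN=ecat'
    'Issuer contains CN=EcatCA (-in)'           = $cert.Issuer -like '*CN=EcatCA*'
    'EKU includes Client Authentication (-eku)' = $ekuOids -contains '1.3.6.1.5.5.7.3.2'
    'In LocalMachine\My with private key'       = [bool]($inStore | Where-Object { $_.HasPrivateKey })
}

$failed = 0
foreach ($name in $checks.Keys) {
    if ($checks[$name]) {
        Write-Host "PASS  $name"
    } else {
        Write-Host "FAIL  $name"
        $failed++
    }
}

if ($failed -gt 0) {
    Write-Warning "$failed check(s) failed; the certificate does not match the command in this article."
}
```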
