Article Content
Article Number | 000034669 |
Applies To | RSA Product Set: RSA NetWitness Endpoint; RSA Version/Condition: 4.4.x; Platform: Windows |
Issue | In the RSA NetWitness Endpoint 4.4 User Guide, a SHA1 certificate is created in the Incident Management integration instructions. Can a SHA2 / SHA256 certificate be used instead? |
Resolution | A SHA256 certificate can be used for the RSA NetWitness Endpoint integration with Incident Management in the RSA NetWitness Platform. Adjust the Incident Management integration instructions in the RSA NetWitness Endpoint 4.4 User Guide to instead create a SHA256 certificate on the RSA ECAT Primary ConsoleServer system. The modified create certificate command would be as follows:
This new client256.cer file can then be imported into the RSA ECAT Primary ConsoleServer system, and all the other integration instructions can be followed. Note: This change applies to the certificate used when RSA NetWitness Endpoint communicates with Incident Management. Note: The above command example uses NWECA, which is the CA issuer certificate common name for RSA NetWitness Endpoint 4.3.x and above. |
Notes | For a description of where SHA256 fits within the SHA-2 family, see this reference: https://en.wikipedia.org/wiki/SHA-2. As that reference states, the SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256. The makecert.exe program can generate a certificate using the following hash functions: -a <algorithm> The signature's digest algorithm. <md5|sha1|sha256|sha384|sha512>. Default is 'sha1' |
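
Because makecert.exe defaults to 'sha1' when -a is omitted, it is worth confirming the digest algorithm and issuer of the generated file before importing it. The following PowerShell check is an added example, not part of the RSA article or User Guide; the file location and the script's parameter names are assumptions.

```powershell
# Added example: check a certificate file's signature digest and issuer
# before import. The default path is an assumption; the issuer common name
# NWECA is the one the article gives for NetWitness Endpoint 4.3.x and above.
param(
    [string]$Path = '.\client256.cer',
    [string]$ExpectedIssuerCN = 'NWECA'
)

# Signature algorithm OIDs for the RSA forms of makecert's -a choices.
$sigAlgs = @{
    '1.2.840.113549.1.1.4'  = 'md5RSA'
    '1.2.840.113549.1.1.5'  = 'sha1RSA'
    '1.2.840.113549.1.1.11' = 'sha256RSA'
    '1.2.840.113549.1.1.12' = 'sha384RSA'
    '1.2.840.113549.1.1.13' = 'sha512RSA'
}
$weak = @('md5RSA', 'sha1RSA')

$fullPath = (Resolve-Path -Path $Path -ErrorAction Stop).Path
$cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

# Map the OID to a name; fall back to the OS friendly name for anything else.
$oid = $cert.SignatureAlgorithm.Value
$algName = if ($sigAlgs.ContainsKey($oid)) { $sigAlgs[$oid] } else { $cert.SignatureAlgorithm.FriendlyName }

# Issuer common name (second argument $true selects the issuer, not the subject).
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$issuerCN = $cert.GetNameInfo($nameType, $true)

$result = New-Object -TypeName PSObject -Property @{
    File               = $fullPath
    Subject            = $cert.Subject
    IssuerCN           = $issuerCN
    SignatureAlgorithm = $algName
    SignatureOid       = $oid
    NotAfter           = $cert.NotAfter
    WeakDigest         = ($weak -contains $algName)
    IssuerMatches      = ($issuerCN -eq $ExpectedIssuerCN)
}
$result | Format-List

if ($result.WeakDigest) {
    Write-Warning "Certificate is signed with $algName; it was not created with a SHA-2 digest."
}
if (-not $result.IssuerMatches) {
    Write-Warning "Issuer CN is '$issuerCN', expected '$ExpectedIssuerCN'."
}
if ($result.WeakDigest -or -not $result.IssuerMatches) { exit 1 }
```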