This topic provides an overview of PKI authentication and how it is used to access the NetWitness Suite User Interface (UI).
In 10.5.0.2 or later, PKI authentication can be used to access the NetWitness Suite UI. PKI allows users to authenticate and access the NetWitness Suite UI using digital certificates.
Certificates are issued by a Third-Party Certificate Authority (CA) (external to NetWitness Server). The following categories of certificates are required for PKI authentication:
- NetWitness Server certificate (private key and its chain)
- Trusted CA certificates
- User certificate (issued by CA)
NetWitness Server Certificate
This certificate is used by NetWitness Server to present its identity. This certificate is issued by a trusted CA. When a user accesses the NetWitness Suite UI using HTTPS, this certificate is presented to the user in the web browser.
Trusted CA Certificates
These are a collection of CA certificates. NetWitness Server uses these certificates as the trusted authorities to validate the certificate provided by the user. If the user does not have a certificate signed by one of these CA(s), the user is not allowed to access the NetWitness Suite UI.
User Certificate
This certificate is used by the NetWitness Suite user to present the user's identity. This certificate is issued by a CA that is trusted by the users. The user certificates, by default, are identified by most browsers. If the certificates are not identified, the user must import them into the browser's certificate store.
NetWitness Suite PKI Authentication Workflow
The following figure shows how the user can access NetWitness Suite using PKI authentication.
The following points explain the workflow of the above figure.
- The user tries to access the NetWitness Suite UI using the web browser. For example, https://nw-host/login.
- The user is prompted to select the user certificate.
- The user selects the certificate. The browser sends the selected certificate to the NetWitness Server for authentication.
- If the authentication is successful, the NetWitness Server authorizes the user based on the user groups configured on the Active Directory Server(s).
- If the user authentication and authorization are successful, the NetWitness Suite dashboard is displayed.
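The trusted-CA rule described above can be checked before certificates are handed to users. The following is an added example, not part of the original NetWitness documentation: it uses the OpenSSL command line to build a throwaway trusted-CA bundle and confirm that a user certificate is accepted only when its issuing CA is in that bundle. All CA names, user names and paths are constructed for the demo, and OpenSSL's chain verification stands in for NetWitness Server's own validation, which the page does not describe in detail.

```shell
#!/bin/sh
# Constructed lab: every CA name, user name and path below is made up.

# make_ca DIR NAME: create a throwaway self-signed CA (key + certificate).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_user DIR CA USER: issue a user certificate signed by the named CA.
issue_user() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# check_user BUNDLE CERT: print "allow" only if CERT chains to a CA in BUNDLE
# and is usable as a TLS client certificate; system trust stores are ignored.
check_user() {
    if openssl verify -no-CApath -purpose sslclient -CAfile "$1" "$2" \
        >/dev/null 2>&1; then echo allow; else echo deny; fi
}

# demo: build a two-CA trusted bundle, then test one user per issuing CA.
demo() {
    d=$(mktemp -d) || return 1
    for ca in ca-one ca-two ca-other; do make_ca "$d" "$ca" || return 1; done
    cat "$d/ca-one.pem" "$d/ca-two.pem" > "$d/trusted.pem"
    issue_user "$d" ca-two alice || return 1      # CA is in the bundle
    issue_user "$d" ca-other bob || return 1      # CA is not in the bundle
    echo "alice=$(check_user "$d/trusted.pem" "$d/alice.pem")" \
         "bob=$(check_user "$d/trusted.pem" "$d/bob.pem")"
    rm -rf "$d"
}

demo   # → alice=allow bob=deny
```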