Sec/User Mgmt: Step 3. Import Server Certificate and Trusted CA Certificate 81223

Document created by RSA Information Design and Development on Sep 19, 2017Last modified by RSA Information Design and Development on Oct 2, 2017
Version 3Show Document
  • View in full screen mode
 

This topic describes the procedure to import a NetWitness Server certificate with its key and trusted Certificate Authority (CA) certificate required to enable Public Key Infrastructure (PKI) authentication.

Prerequisites

Make sure that you have:

  • Configured Active Directory to enable authentication for external groups. For more information, see Configure Active Directory.
  • Mapped external groups to NetWitness Suite user roles. For more information, see to Step 2. Map User Roles to External Groups.
  • The NetWitness Server certificate with its private key. For more information, see Step 5. Use Custom Server Certificate.
  • The trusted CA certificates. This can be the root CA's or Intermediate CA's certificate up to root CA.
  • The NetWitness Suite user certificate signed by one of the trusted CAs in the NetWitness Server.

Supported Certificate Formats

The following certificate formats are supported. You must select the format that meets your requirement:

  • For server certificate with its private key:
    • pkcs12 or .p12 
    • jks
    • pfx   
  • For trusted CA certificate:
    • pkcs12 or .p12 
    • jks 
    • pfx
    • pem
    • crt
    • der
    • cer

Note: The .pfx, .p12, .jks are containers that can contain one or more private keys and its chains or certificates. PEM is a BASE64 encoded certificate that can contain multiple certificates.

Procedures

Import NW Server Certificate with its Private Key

  1. In NetWitness Suite, go to ADMIN > Security.
    The Security view is displayed with the Users tab open.
  2. Click the Settings tab.
  3. In the Server Certificates section, click The add icon.
    The Import Server Certificates dialog is displayed.
    Import Server Certificates dialog
  4. In the Keystore/Certificate File field, click Browse and select the certificate store.
  5. In the Password field, enter the password of the certificate store.
  6. (Optional) If the user certificate and NetWitness Server certificate are issued by the same CA, select the Import CAs checkox.
  7. Click Save.
    The NetWitness Server certificate with its private key is successfully added to NetWitness Suite.

Note: You can import multiple server certificates with its private keys.

Note: The Import Server Certificates dialog may not close on some browsers, however, the import will be                successfully. To view the imported certificate, refresh the page.

  1. Specify a default server certificate. Select a certificate and click Use as Server Certificate.
    The selected server certificate is highlighted in red.

Import Trusted CAs

  1. In NetWitness Suite, go to ADMIN > Security.
    The Security view is displayed with the Users tab open.
  2. Click the Settings tab.
  3. In the Trusted CAs section, click The add icon.
    The Import Certificate Authority dialog is displayed.
    Import Certificate Authority dialog
  4. In the CA Store File field, click Browse and select the certificate or certificate store.
  5. In the Password field, enter the password of the certificate or certificate store.

Note: The password is applicable only for .pkcs12 or .p12, .pfx, and .jks certificate store formats.

  1. Click Save.
    The CA certificate is successfully added to the NetWitness Suite Trusted CAs store.

 

Next Step:

Step 4. Configure User Principal Settings

You are here
Table of Contents > Sec/User Mgmt: Step 3. Import Server Certificate and Trusted CA Certificate

Attachments

    Outcomes