Security Configuration Guide for Version 11.1 - https://community.rsa.com/docs/DOC-90913
Page 64
Appendix A: Customer Provided Certificates
The following procedure takes effect when you update to NetWitness Suite 11.1. The procedure tells you how to replace the internally generated NetWitness Suite web server certificate (NGINX front-door) with a customer issued certificate. This enables client browsers to establish a trusted SSL connection.
Caution: Files for the cert and key files must be .pem format. All the files must have same name and permissions as the original files generated by NetWitness Suite.
- Rename your certificate files and save them for NGINX.
- Rename the customer provided cert.pem certificate pem file to web-servercert.pem
- Rename the customer provided key.pem key pem file to web-server-key.pem
- Rename customer provided cert.chain certificate chain file to web-servercert.chain
- Rename cert.p7b certificate p7b file to web-server-cert.p7b
- SSH to the NW Server.
- Replace the existing NetWitness Suite generated certificates with the files you renamed in step 1.
- /etc/pki/nw/web/web-servercert.pem
- /etc/pki/nw/web/web-server-key.pem
- /etc/pki/nw/web/webserver-cert.chain
- /etc/pki/nw/web/web-server-cert.p7b
- Restart NGINX service
service nginx restart
