
Custom Certificate Issue in CCM

Issue

An invalid certificate issue occurs in CCM when the customer uses a proxy and a custom certificate. The following error is received in CCM:
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://cms.netwitness.com:443/authlive/authenticate/CMS": Certificate not verified.; nested exception is javax.net.ssl.SSLException: Certificate not verified.

Cause

Case1:
Some customers use a custom certificate. Since this certificate is unknown to NetWitness, CCM fails to connect to Live, so these customers cannot use CCM.

Case2:
Some customers use a firewall. In that case, the issue occurs when the correct URL is not whitelisted.


Resolution

Case1: Resolution1:

  1. Use the following openssl command to see the certificate:
openssl s_client -showcerts -connect example.com:443
For example:
openssl s_client -showcerts -connect cms.netwitness.com:443
  2. Ask the customer for the custom certificate (.pem format).
  3. Import the custom certificate using the following command:
keytool -importcert -trustcacerts -keystore /etc/pki/ca-trust/extracted/java/cacerts -storepass changeit -noprompt -alias <alias> -file <certificate.pem>
For example:
keytool -importcert -trustcacerts -keystore /etc/pki/ca-trust/extracted/java/cacerts -storepass changeit -noprompt -alias entrustG2 -file /root/rachit/entrustG2.pem
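
The three steps above as one script, with checks added before the import because a certificate placed in cacerts becomes a trust anchor for every TLS connection that uses that truststore. This is an added example, not NetWitness tooling: the function names and the order of checks are assumptions, while the keystore path, password and keytool flags are the ones shown above.

```bash
#!/usr/bin/env bash
# Added example: checks to run before trusting a customer-supplied CA (function names are hypothetical).
KEYSTORE=/etc/pki/ca-trust/extracted/java/cacerts   # truststore path from the article

# Save every certificate the endpoint presents (leaf first) to $2.
fetch_chain() {   # usage: fetch_chain HOST:PORT OUT_PEM
  openssl s_client -showcerts -connect "$1" </dev/null 2>/dev/null |
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$2"
}

# SHA-256 fingerprint, printed for comparison with the value the customer reports.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if the PEM is an unexpired certificate marked as a CA.
is_valid_ca() {
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 1
  openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Succeed only if the first certificate in chain file $1 verifies against CA $2;
# the rest of $1 is offered as untrusted intermediates.
issued_by() {
  openssl verify -CAfile "$2" -untrusted "$1" "$1" 2>/dev/null | grep -q ': OK$'
}

# Import only when both checks pass, then list the alias to confirm it landed.
import_custom_ca() {   # usage: import_custom_ca ALIAS CA_PEM CHAIN_PEM
  is_valid_ca "$2"    || { echo "refusing: $2 is expired or not a CA" >&2; return 1; }
  issued_by "$3" "$2" || { echo "refusing: $3 does not chain to $2" >&2; return 1; }
  echo "SHA-256 of $2: $(cert_fingerprint "$2")"
  keytool -importcert -trustcacerts -keystore "$KEYSTORE" -storepass changeit \
          -noprompt -alias "$1" -file "$2" &&
    keytool -list -keystore "$KEYSTORE" -storepass changeit -alias "$1"
}

# Runs only when invoked as: script ALIAS CA_PEM HOST:PORT
if [ "$#" -eq 3 ]; then
  chain=$(mktemp) && fetch_chain "$3" "$chain" && import_custom_ca "$1" "$2" "$chain"
fi
```

A refusal from the chain check means the certificate the proxy presents was not issued by the supplied PEM, so importing it would not resolve the error.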
 

Case1: Resolution2:

Ask the customer to bypass the URL *.netwitness.com in the proxy configuration.

Case2: Resolution:

If customers are using a firewall, they should whitelist the URL live.netwitness.com. The cms.netwitness.com URL redirects to live.netwitness.com.

Product Details

RSA Product Set: NetWitness Platform
RSA Product/Service Type:  RSA NetWitness Platform
RSA Version/Condition: 12.0 and later
Platform: CCM
O/S Version: 6/7
