Security Configuration: Customer Provided Certificates
Tags: Version 11.4
The following procedure takes effect when you update to RSA NetWitness Platform 11.2. It describes how to replace the internally generated NetWitness web server certificate (NGINX front door) with a customer-issued certificate, which enables client browsers to establish a trusted SSL connection.
Caution: The cert files and key files must be in .pem format. All the files must have the same name and permissions as the original files generated by NetWitness Platform.
- Rename your certificate files and save them in for NGINX.
  - Rename the customer provided cert.pem certificate pem file to web-server-cert.pem.
  - Rename the customer provided key.pem key pem file to web-server-key.pem.
  - Rename the customer provided cert.chain certificate chain file to web-server-cert.chain.
  - Rename the cert.p7b certificate p7b file to web-server-cert.p7b.
- SSH to the NW Server.
- Replace the existing NetWitness Platform generated /etc/pki/nw/web/web-server-cert.pem, /etc/pki/nw/web/web-server-key.pem, /etc/pki/nw/web/web-server-cert.chain and /etc/pki/nw/web/web-server-cert.p7b files with the files you renamed in step 1.
- Restart the NGINX service:
  service nginx restart
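A check to run after replacing the files and before restarting NGINX, as an added example that is not part of the NetWitness documentation: it confirms the four files exist under the required names, that the certificate and key are PEM and belong together, and that mode and owner match the originals. The reference directory holding a `cp -a` copy of the original files is an assumption of this example.

```shell
#!/bin/sh
# Added example: checks to run after replacing the files and before
# "service nginx restart". File names are the ones listed on this page;
# the reference directory (a copy of the originals made with "cp -a") is
# an assumption of this example.
NW_FILES="web-server-cert.pem web-server-key.pem web-server-cert.chain web-server-cert.p7b"

# True if the file has a PEM BEGIN line of the given type (extended regex).
is_pem() { grep -Eq -- "^-----BEGIN ($2)-----" "$1"; }

# Mode string plus numeric owner:group, e.g. "-rw-r----- 0:0".
perm_of() { ls -ln "$1" | awk '{ print substr($1, 1, 10), $3 ":" $4 }'; }

# True only if certificate and private key contain the same public key.
# "-passin pass:" makes an encrypted key fail here instead of prompting.
key_matches_cert() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# preflight <dir-with-new-files> <dir-with-original-files>
# Prints one line per problem; returns 0 only if nothing was found.
preflight() {
    local new="$1" ref="$2" rc=0 f
    for f in $NW_FILES; do
        if [ ! -s "$new/$f" ]; then
            echo "missing or empty: $new/$f"; rc=1
        elif [ -e "$ref/$f" ] && [ "$(perm_of "$new/$f")" != "$(perm_of "$ref/$f")" ]; then
            echo "mode/owner differs from original: $f"; rc=1
        fi
    done
    is_pem "$new/web-server-cert.pem" 'CERTIFICATE' 2>/dev/null ||
        { echo "web-server-cert.pem is not a PEM certificate"; rc=1; }
    is_pem "$new/web-server-key.pem" '(RSA |EC )?PRIVATE KEY' 2>/dev/null ||
        { echo "web-server-key.pem is not an unencrypted PEM private key"; rc=1; }
    key_matches_cert "$new/web-server-cert.pem" "$new/web-server-key.pem" ||
        { echo "private key does not match the certificate"; rc=1; }
    return $rc
}

# Stand-alone use: sh preflight.sh /etc/pki/nw/web /root/nw-web-orig
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A non-zero exit status means at least one problem line was printed; fix those before restarting the service.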
To convert a PFX certificate file to a PEM certificate file:
- Open the .pfx file using a text editor.
- Copy the content that begins with “-----BEGIN PRIVATE KEY-----” and ends with “-----END PRIVATE KEY-----”.
- Create a new file, paste the copied content, and name it “web-server-key.pem”.
- From the .pfx file, copy the server certificate and the other CA certificates.
- Create a new file, paste the copied certificates, and name it “web-server-cert.pem”. Make sure the certificates appear in the following order in the web-server-cert.pem file:
  - Server Certificate
  - CA Certificate
  - Sub CA (if any)
Note: Additionally, you can set the custom server certificates from the UI. For more information, see the "Import an NW Server Certificate with its Private Key" section in the System Security and User Management Guide.