This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- NetWitness Community
- Blog
- Acme.sh Integration Guide
SeanDrzewiecki
Contributor
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
2022-02-23
06:11 PM
The instructions below are not officially supported by RSA NetWitness Engineering, Support, or Services. Use at your own risk.
In lab systems, it is often useful to generate an SSL certificate via a provider such as Let's Encrypt or ZeroSSL. Integrating these providers with NetWitness is made easier via the usage of acme.sh, an open source shell script which manages certificate issuance, renewal, and installation for a variety of ACME providers and verification methods.
AdminServer - NW Web UI
- First, install acme.sh, either directly from its GithHub repository, or via a curl command and helper script provided by the project:
curl https://get.acme.sh | sh -s email=webmaster.contact@example.com source /root/.bashrc - The installer should have created a cronjob to handle automatic renewals. If not, add the below to /etc/crontab:
0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null - Next, issue a certificate for your domain using one of the below methods:
- Nginx Integration:
This method requires port 80 of your NetWitness installation to be publicly accessible. This is not recommended for most deployments.acme.sh --issue --nginx -d netwitness.example.com - DNS Integration:
DNS validation methods store the API credentials in /root/.acme.sh/ for usage during renewals
- CloudFlare
export CF_Token="xxxxxxxxxxxxx" export CF_Account_ID="xxxxxxxxxxxxx" acme.sh --issue --dns dns_cf -d netwitness.example.com - AWS Route53:
export AWS_ACCESS_KEY_ID="xxxxxxxxxxxxx" export AWS_SECRET_ACCESS_KEY="xxxxxxxxxxxxx" acme.sh --issue --dns dns_aws -d netwitness.example.com - Further examples and details can be found on the acme.sh wiki.
- CloudFlare
- Nginx Integration:
- Following certificate creation, it is required to add the key to Nginx for usage by the platform. Helpfully, this integration is included with acme.sh:
acme.sh --install-cert -d netwitness.example.com \ --key-file /etc/pki/nw/web/web-server-key.pem \ --fullchain-file /etc/pki/nw/web/web-server-cert.pem \ --reloadcmd "systemctl reload nginx"
LogCollector - VLC TLS
- First, install acme.sh, either directly from its GithHub repository, or via a curl command and helper script provided by the project:
curl https://get.acme.sh | sh -s email=webmaster.contact@example.com source /root/.bashrc - The installer should have created a cronjob to handle automatic renewals. If not, add the below to /etc/crontab:
0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null - Next, issue a certificate for your domain using one of the below methods:
- Standalone HTTP Server:
This method requires port 80 of your NetWitness installation to be publicly accessible. This is not recommended for most deployments.acme.sh --issue --standalone -d vlc.example.com - DNS Integration:
DNS validation methods store the API credentials in /root/.acme.sh/ for usage during renewals
- CloudFlare
export CF_Token="xxxxxxxxxxxxx" export CF_Account_ID="xxxxxxxxxxxxx" acme.sh --issue --dns dns_cf -d vlc.example.com - AWS Route53:
export AWS_ACCESS_KEY_ID="xxxxxxxxxxxxx" export AWS_SECRET_ACCESS_KEY="xxxxxxxxxxxxx" acme.sh --issue --dns dns_aws -d vlc.example.com - Further examples and details can be found on the acme.sh wiki.
- CloudFlare
- Standalone HTTP Server:
- Following certificate creation, it is required to add the key to the log collector. The UI configuration steps can be found in the Log Collection Configuration guide. The below commands make a directory to hold the certificates and configure auto-restart of syslog collection on certificate renewal:
mkdir -p /var/netwitness/logcollector/customcerts acme.sh --install-cert -d vlc.example.com \ --key-file /var/netwitness/logcollector/customcerts/logcollector_key.pem \ --fullchain-file /var/netwitness/logcollector/customcerts/logcollector_cert.pem \ --reloadcmd "NwConsole -q -c tlogin server=127.0.0.1 port=56001 username=admin group=Administrators cert=/etc/pki/nw/node/node.pem -c send /logcollection/syslog restart"
Labels:
1 Comment
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Latest Articles
- Using NetWitness to Detect Phishing reCAPTCHA Campaign
- Netwitness Platform Integration with Amazon Elastic Kubernetes Service
- Netwitness Platform Integration with MS Azure Sentinel Incidents
- Netwitness Platform Integration with AWS Application Load Balancer Access logs
- The Sky Is Crying: The Wake of the 19 JUL 2024 CrowdStrike Content Update for Microsoft Windows and ...
- The Sky Is Crying: The Wake of the 19 JUL 2024 CrowdStrike Content Update for Microsoft Windows and ...
- New HotFix: Addresses Kernel Panic After Upgrading to 12.4.1
- Automation with NetWitness: Core and NetWitness APIs
- HYDRA Brute Force
- DDoS using BotNet Use Case
Labels
-
Announcements
64 -
Events
12 -
Features
12 -
Integrations
15 -
Resources
68 -
Tutorials
32 -
Use Cases
31 -
Videos
119
