RSA Product Set: NetWitness Platform
RSA Product/Service Type: RSA NetWitness Platform
RSA Version/Condition: 12.0 and later
O/S Version: 6/7
An invalid certificate issue occurs in CCM when the customer uses a proxy and a custom certificate. The following error is received in CCM:
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://cms.netwitness.com:443/authlive/authenticate/CMS": Certificate not verified.; nested exception is javax.net.ssl.SSLException: Certificate not verified.
A few customers use a custom certificate. Because this certificate is unknown to NetWitness, CCM fails to connect to Live, and these customers cannot use CCM.
A few customers use a firewall. In that case, the issue occurs when the correct URL is not whitelisted.
- Use the following openssl command to see the certificate:
  openssl s_client -showcerts -connect example.com:443
  For example:
  openssl s_client -showcerts -connect cms.netwitness.com:443
- Ask the customer for the custom certificate (.pem format).
- Import the custom certificate using the below command:
  keytool -importcert -trustcacerts -keystore /etc/pki/ca-trust/extracted/java/cacerts -storepass changeit -noprompt -alias <custom-ca-name> -file <path-to-the-cert.pem>
  For example:
  keytool -importcert -trustcacerts -keystore /etc/pki/ca-trust/extracted/java/cacerts -storepass changeit -noprompt -alias entrustG2 -file /root/rachit/entrustG2.pem
Ask the customer to bypass the URL *.netwitness.com in the proxy configuration.
If the customer is using a firewall, they should whitelist the URL live.netwitness.com, because cms.netwitness.com redirects to live.netwitness.com.
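The following is an added example, not part of the original article or of NetWitness tooling: a shell helper that reads the output of the openssl s_client -showcerts command above and reports which issuer the Java truststore has to trust before the keytool import is run. The function names, the sample chain, and the "Example Corp" CA names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the KB article). Reads the output of
#   openssl s_client -showcerts -connect cms.netwitness.com:443
# on stdin and shows which issuer the Java truststore must trust.

# Print "depth<TAB>subject<TAB>issuer" for each certificate presented.
chain_summary() {
    awk '
        /^ *[0-9]+ s:/ { depth = $1; subj = $0; sub(/^ *[0-9]+ s:/, "", subj); next }
        /^ +i:/ && depth != "" {
            iss = $0; sub(/^ +i:/, "", iss)
            printf "%s\t%s\t%s\n", depth, subj, iss
            depth = ""
        }'
}

# Issuer of the last certificate sent: normally the CA that must be in cacerts.
top_issuer() {
    chain_summary | awk -F'\t' '{ last = $3 } END { if (NR) print last }'
}

# Write each PEM block to DIR/cert-N.pem, N being the order presented.
split_chain() {
    awk -v dir="$1" '
        /^-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/cert-%d.pem", dir, n++) }
        out != "" { print > out }
        /^-----END CERTIFICATE-----/ { close(out); out = "" }'
}

# Constructed sample: what s_client might print behind a proxy that presents
# a custom certificate. Names and PEM bodies are placeholders, not real certs.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = cms.netwitness.com
   i:O = Example Corp, CN = Example Proxy Issuing CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAF
-----END CERTIFICATE-----
 1 s:O = Example Corp, CN = Example Proxy Issuing CA
   i:O = Example Corp, CN = Example Corp Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERISSUING
-----END CERTIFICATE-----
---
EOF
}

sample_output | chain_summary
echo "CA to import: $(sample_output | top_issuer)"
```

On a live system, pipe the real s_client output into top_issuer and compare the result with the subject of the PEM file supplied by the customer (openssl x509 -in <path-to-the-cert.pem> -noout -subject) before importing it.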