Disable PKI

Note: If NetWitness users or Administrators are unable to access the NetWitness UI and want to use user name and password based authentication, you must disable PKI using the command line. See, Disable PKI using command line.

Disable PKI Authentication

  1. Go to netwitness_adminicon_25x22.png (Admin) > Security.
    The Security view is displayed with the Users tab open.
  2. Click the PKI Settings tab.
  3. In the PKI Based Authentication Status section, select Disabled.
    The PKI Based Authentication Disabled dialog is displayed.
    netwitness_applypkiconfig.png
  4. Click Yes.

Note: After disabling the PKI, wait for some time, close the browser, and open NetWitness in a new browser.

Disable PKI using command line

You can disable PKI using either of the following two methods.
Method 1: Using nw-shell

  1. SSH to access root@node-0.
  2. Run the following command:
    1. nw-shell.
    2. login {Enter the username and password to login}
    3. connect --service orchestration-server
    4. cd /rsa/orchestration/userpki/disable-pki-on-hosts
    5. invoke
    6. connect --service admin-server
    7. cd /rsa/security/authentication/web/pki-enabled
    8. set false
    9. cd/rsa/security/pki/client-auth
    10. set WANT
    11. exit
    12. systemctl restart rsa-nw-admin-server
    13. systemctl restart rsa-nw-security-server

Note: The command systemctl restart rsa-nw-admin-server restarts the admin server and systemctl restart rsa-nw-security-server restarts the security server.

Method 2: Using orchestration-cli-client
1. SSH to access root@node-0.
2. Run the following command:
     orchestration-cli-client --disable-pki -o <host-uuid>
     Replace <host-uuid> with the unique identifier of the host where you want to disable PKI.

Notify Certificate Renewal

From NetWitness 12.5 or later, customers have the option to configure the Certificate Renewal Notification. By default, the notification is set to 31 days before the certificate expires. However, customers now have the flexibility to choose a notification period of up to 240 days before the certificate expiration date.

  1. Go to netwitness_adminicon_25x22.png (Admin) > Security.
    The Security view is displayed with the Users tab open.
  2. Click the PKI Settings tab.
    12.5_Certificate Renewal 120 days_new.png
  3. Select the days between 31 and 240 from the Notify dropdown.
  4. Click Apply.
    The Certificate Renewal Notification dialog is displayed.
    12.5_Certficate Renewal_Yes_latest.png
  5. Click Yes.