The NetWitness Peer-to-Peer network (Nebula) is secured with PKI based transport encryption. A Certificate Authority (CA) is created on the Admin Server and all SASE based nodes, the PPN-Server (Lighthouse) and the Admin Server are all issued and configured with node certificates to enable secure internode communication.

The Nebula certificates are created with expirations that match the Platform based certificate policy. The Nebula CA Certificate is issued with a 10-year expiration while the node certificates have a 3-year expiration.

All Certificates (CA and node certs) can be reissued via the following command:

nw-create-cloud-hybrid --reissue-all-certs





Optional Name of deployment model in template

defaults to pre-defined 'gcp default'


Optional Cloud Service Account Json-based key data path

GCP will default to /root/.gcp/gcp-auth-token.json

This command replaces all Nebula specific certificates in the SASE Deployment.