Summary:
The RSA NetWitness Platform leverages an internal Root Certificate Authority (CA) to issue out certificates to individual services and components to enable secure communications. The service certificates issued by the Root CA have a validity of 1000 days from issue and should be re-issued prior to their expiration date in order to avoid a system-wide outage.
If your service certificates have already expired, please reach out to RSA Support to discuss further options.
Customers Impacted
The service certificates within the RSA Netwitness Platform are issued at the time the node is first deployed, and the default validity is 1000 days. Version upgrades do not currently change this validity. All customers running the RSA Netwitness Platform version 11.x for at least 2 years are recommended to check the validity of their service certificate using the following command on the RSA Netwitness Admin Server:
openssl x509 -enddate -noout -in /etc/pki/nw/service/rsa-nw-security-server-cert.pem
If the expiration date of this cert fails within the next quarter, please perform the Recommended Actions at first available opportunity before the expiration date.
Recommended Actions
- Please refer to the knowledge base article entitled Sys Maintenance: Reissue Certificates and follow the instructions under the section ‘Reissuing Service Certificate’ to renew the service certificates for services in all hosts of your RSA NetWitness Platform deployment.
Currently only customers running RSA NetWitness Platform versions 11.4 and above receive an alert with respect to their certificate validity at login.
For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.
