NOTE: This Advisory provides updated guidance and KBs that supersedes the related Advisory released on September 26th, 2019.
RSA NetWitness Platform leverages an internal Root Certificate Authority (CA) to issue out certificates to individual services and components to enable secure communications. This Root CA has an expiration that is 5 years from the date of initial installation. If the Root CA is not updated prior to expiration, your system services will lose their ability to securely communicate resulting in a system-wide outage.
Customers Impacted
The Root CA certificate within v10.x of RSA NetWitness Platform is created on the 1st installation with a default length of 5 years. All customers whose initial install was v10.x need to update their certificates as soon as possible. This includes any customers that initially installed v10.x and have since migrated to v11.x. Failure to update certificates prior to their expiration will result in a system outage.
Recommended Actions
To make this easier going forward, we are also planning to add expanded alerting capabilities within a future release to alert Administrators of expiring Certificates and automated certificate refreshes during future upgrades. The above mentioned manual checks are expected to be a temporary measures to mitigate potential outages.
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.