NOTE: This Advisory provides updated guidance and KBs that supersedes the related Advisory released on September 26th, 2019.
RSA NetWitness Platform leverages an internal Root Certificate Authority (CA) to issue out certificates to individual services and components to enable secure communications. This Root CA has an expiration that is 5 years from the date of initial installation. If the Root CA is not updated prior to expiration, your system services will lose their ability to securely communicate resulting in a system-wide outage.
The Root CA certificate within v10.x of RSA NetWitness Platform is created on the 1st installation with a default length of 5 years. All customers whose initial install was v10.x need to update their certificates as soon as possible. This includes any customers that initially installed v10.x and have since migrated to v11.x. Failure to update certificates prior to their expiration will result in a system outage.
- If you are running v10.6.x, RSA recommends you follow KB 000037999 - Reissuing security certificates on RSA NetWitness Platform 10.6.x to update your certificates.
- If you are running v11.x, RSA recommends you follow KB000038001 - Reissue root CA security certificates on RSA NetWitness Platform 11.x to update your certificates.
To make this easier going forward, we are also planning to add expanded alerting capabilities within a future release to alert Administrators of expiring Certificates and automated certificate refreshes during future upgrades. The above mentioned manual checks are expected to be a temporary measures to mitigate potential outages.
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.