Applies To
RSA Product Set: RSA NetWitness Endpoint
RSA Version/Condition: 4.4.x

Issue
In the RSA NetWitness Endpoint 4.4 User Guide, a SHA1 certificate is created in the Incident Management integration instructions.
Can a SHA2 / SHA256 certificate be used instead?

Resolution
A SHA256 certificate can be used for the RSA NetWitness Endpoint integration with Incident Management in the RSA NetWitness Platform.
Adjust the Incident Management integration instructions in the RSA NetWitness Endpoint 4.4 User Guide to instead create a SHA256 certificate on the RSA ECAT Primary ConsoleServer system.
The modified create certificate command would be as follows:
This new client256.cer file can then be imported into the RSA ECAT Primary ConsoleServer system, and all the other integration instructions can be followed.
Note: This change is for the certificate used when RSA NetWitness Endpoint communicates to Incident Management.
Note: The above command example uses NWECA, which is the CA issuer certificate common name for RSA NetWitness Endpoint 4.3.x and above.

Notes
For a description of where SHA256 fits within the SHA-2 family see this reference: https://en.wikipedia.org/wiki/SHA-2
It states that the SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits:
SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.
The makecert.exe program can generate a certificate using the following hash functions:
-a <algorithm> The signature's digest algorithm.
<md5|sha1|sha256|sha384|sha512>. Default is 'sha1'
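
Because makecert.exe defaults to 'sha1' when -a is omitted, it is worth confirming the digest on client256.cer before importing it. The following PowerShell check is an added example, not part of the RSA instructions; the function name Test-CertSignatureDigest and the relative file path are assumptions, and the OID list covers RSA signatures with the SHA-2 digests that makecert.exe offers.

```powershell
# Added example: confirm a certificate carries a SHA-2 signature before import.
# Test-CertSignatureDigest is a hypothetical helper name; the file path is an assumption.
function Test-CertSignatureDigest {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Issuer common name given in the article for NetWitness Endpoint 4.3.x and above
        [string]$ExpectedIssuerCN = 'NWECA'
    )

    # Signature algorithm OIDs for RSA with SHA-2 digests (makecert -a sha256|sha384|sha512).
    # Anything outside this allow list (md5RSA, sha1RSA, ...) is reported as not SHA-2.
    $sha2Rsa = @{
        '1.2.840.113549.1.1.11' = 'sha256RSA'
        '1.2.840.113549.1.1.12' = 'sha384RSA'
        '1.2.840.113549.1.1.13' = 'sha512RSA'
    }

    $resolved = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $resolved

    $oid = $cert.SignatureAlgorithm.Value
    # Second argument $true selects the issuer name instead of the subject name
    $issuerCN = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $true)

    [pscustomobject]@{
        Subject      = $cert.Subject
        IssuerCN     = $issuerCN
        SignatureAlg = $cert.SignatureAlgorithm.FriendlyName
        SignatureOid = $oid
        IsSha2       = $sha2Rsa.ContainsKey($oid)
        IssuerMatch  = ($issuerCN -eq $ExpectedIssuerCN)
        NotAfter     = $cert.NotAfter
    }
}

$result = Test-CertSignatureDigest -Path '.\client256.cer'
$result | Format-List

# Stop here if the certificate was created with the sha1 default or by a different CA.
if (-not ($result.IsSha2 -and $result.IssuerMatch)) {
    Write-Error 'client256.cer is not SHA-2 signed by the expected issuer; do not import it.'
    exit 1
}
```

A certificate created without -a sha256 shows sha1RSA in SignatureAlg and fails the check.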