RSA NetWitness's web user interface (11.3.1.1) comes with a self-signed cert that isn't trusted in my enterprise. How can I install a custom SSL certificate on the web user interface so that users aren't presented with a certificate error?

I already have the SSL certificate signed by my internal CA and associated key.

Moshe

1 Answer

Starting with the PEM (base64) certificate (fqdn.cer) and its private key (fqdn.key), here are the steps I used to install the custom SSL (HTTPS) certificate:

  1. Open fqdn.cer in Windows and export the root certificate as root.cer (base64).
  2. Open fqdn.cer in Windows and export the intermediate certificate as intermediate.cer (base64).
  3. Concatenate intermediate.cer and root.cer to create chain.cer.
  4. Create a p7b file with all certificates:
      openssl crl2pkcs7 -nocrl -certfile fqdn.cer -certfile chain.cer -out fqdn.p7b
  5. Convert the RSA key to PKCS#1 (should begin with -----BEGIN RSA PRIVATE KEY-----):
      openssl rsa -in "fqdn.key" -out "fqdn.key2"
  6. Back up existing certs:
      mkdir /root/default_certs
      cp /etc/pki/nw/web/web-server-* /root/default_certs
  7. Copy (and overwrite) with new certs:
      cp fqdn.key2 /etc/pki/nw/web/web-server-key.pem
      cp fqdn.cer /etc/pki/nw/web/web-server-cert.pem
      cp chain.cer /etc/pki/nw/web/web-server-cert.chain
      cp fqdn.p7b /etc/pki/nw/web/web-server-cert.p7b
  8. Restart nginx:
      service nginx restart

Moshe
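
A pre-flight check for the files produced by the steps in the answer above, to run before anything under /etc/pki/nw/web is overwritten. This is an added example, not part of the original answer: the function names and the throwaway demo PKI are assumptions, while the file names are the answer's.

```shell
#!/bin/sh
# Added example (not from the original answer): pre-flight checks for the
# files built in the steps above. Function names are hypothetical.
PEM_CERT='-----BEGIN CERTIFICATE-----'

# PKCS#1 keys start with this exact line (CR stripped for Windows-edited files).
is_pkcs1_key() {
    [ "$(head -n 1 "$1" | tr -d '\r')" = "-----BEGIN RSA PRIVATE KEY-----" ]
}

# Certificate and private key must carry the same RSA modulus.
key_matches_cert() {   # $1 = certificate, $2 = private key
    cert_mod=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 1
    key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# The leaf must verify against the concatenated chain file.
chain_verifies() {     # $1 = chain.cer, $2 = fqdn.cer
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# The p7b must hold every certificate found in fqdn.cer and chain.cer.
p7b_is_complete() {    # $1 = fqdn.p7b, $2 = fqdn.cer, $3 = chain.cer
    want=$(cat "$2" "$3" 2>/dev/null | grep -c -e "$PEM_CERT")
    have=$(openssl pkcs7 -in "$1" -print_certs 2>/dev/null | grep -c -e "$PEM_CERT")
    [ "$want" -gt 0 ] && [ "$want" -eq "$have" ]
}

preflight() {          # $1 = directory holding the files from the steps
    rc=0
    is_pkcs1_key "$1/fqdn.key2" || { echo "fqdn.key2 is not PKCS#1"; rc=1; }
    key_matches_cert "$1/fqdn.cer" "$1/fqdn.key2" || { echo "key/cert mismatch"; rc=1; }
    chain_verifies "$1/chain.cer" "$1/fqdn.cer" || { echo "chain does not verify"; rc=1; }
    p7b_is_complete "$1/fqdn.p7b" "$1/fqdn.cer" "$1/chain.cer" || { echo "p7b incomplete"; rc=1; }
    return $rc
}

# Constructed sample input: throwaway root CA and leaf, no intermediate.
# OpenSSL 3 needs -traditional to emit PKCS#1; older builds fall back.
make_demo() {          # $1 = empty directory
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo Root" -days 2 -keyout root.key -out chain.cer &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=nw.example.test" -keyout fqdn.key -out fqdn.csr &&
      openssl x509 -req -in fqdn.csr -CA chain.cer -CAkey root.key -CAcreateserial -days 2 -out fqdn.cer &&
      { openssl rsa -in fqdn.key -traditional -out fqdn.key2 || openssl rsa -in fqdn.key -out fqdn.key2; } &&
      openssl crl2pkcs7 -nocrl -certfile fqdn.cer -certfile chain.cer -out fqdn.p7b ) >/dev/null 2>&1
}
```

Call `preflight DIR` on the directory holding fqdn.cer, fqdn.key2, chain.cer and fqdn.p7b; it returns non-zero and names each check that failed.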