Endpoint Protection

  • 1.  Configuring SEPM to use trusted SSL certificate for communication

    Posted Jul 20, 2012 05:33 PM

    Hi all

    The following article describes how to implement a trusted SSL certificate on a Symantec Endpoint Protection Manager Server 11.0. http://www.symantec.com/business/support/index?page=content&id=TECH134468

    Since SEPM12 is not using IIS anymore, the article mentioned above is not useful in SEPM 12.1 environments. Is there an article which provides the information on how to implement a trusted SSL certificate for secured encrypted communication between server and client? I'm not looking for an article which provides the information to change the communication port to 443 but an article which gives me all information as provided in TECH134468 but just for SEPM12.1

    Thank you for your help.

     



  • 2.  RE: Configuring SEPM to use trusted SSL certificate for communication

    Posted Jul 20, 2012 06:22 PM

    This document may help you:

    Symantec Endpoint Protection 12.1: Enabling SSL Between the Manager and Clients

    http://www.symantec.com/docs/TECH162326

    Hope this helps!



  • 3.  RE: Configuring SEPM to use trusted SSL certificate for communication

    Broadcom Employee
    Posted Jul 20, 2012 10:48 PM


  • 4.  RE: Configuring SEPM to use trusted SSL certificate for communication

    Trusted Advisor
    Posted Jul 21, 2012 07:34 AM

    Hello,

    Check these Articles:

    Configuring SSL between Symantec Endpoint Protection Manager and the clients

    http://www.symantec.com/docs/HOWTO55351

    Symantec Endpoint Protection 12.1: Enabling SSL Between the Manager and Clients

    http://www.symantec.com/docs/TECH162326

    Enabling SSL Between the Symantec Endpoint Protection Manager and Client

    https://www-secure.symantec.com/connect/articles/enabling-ssl-between-symantec-endpoint-protection-manager-and-client

    Moreover, in case you are thinking of using the SEPM 12.1 web console over SSL, check this thread:

    https://www-secure.symantec.com/connect/forums/how-install-proper-ssl-certificate-sepm-server

    Hope that helps!!



  • 5.  RE: Configuring SEPM to use trusted SSL certificate for communication

    Posted Jul 21, 2012 06:02 PM

    Thanks for your link, but this is not a solution. As you can see in the article under Note: if you see a warning that the site is untrusted, this is expected. This article describes enabling SSL using a self-signed (untrusted) certificate. As long as you leave the "Verify certificate..." option unchecked (as described in 4e above), this is not an issue.

    We need a way to generate a request, as it was possible in SEP11 with IIS, to implement a trusted third party certificate.



  • 6.  RE: Configuring SEPM to use trusted SSL certificate for communication

    Posted Jul 21, 2012 06:07 PM

    Thanks for your link too, but this is not a solution either. As you can see, the provided forum discussion link has the same problem and still no solution. We need to generate a request to order a third party trusted certificate, as it was possible in SEP11 with IIS... Or do I misunderstand the provided link from above?



  • 7.  RE: Configuring SEPM to use trusted SSL certificate for communication

    Posted Jul 21, 2012 06:24 PM

    Hi Mithun

     

    Thanks but this doesn't help.

    Link1: this is not related to a trusted certificate. This only works for untrusted self-signed certificates, if I understand this right.

    Link2: as you can see at the bottom of the article, this is not a solution for trusted certificates --> Note: if you see a warning that the site is untrusted, this is expected. This article describes enabling SSL using a self-signed (untrusted) certificate. As long as you leave the "Verify certificate..." option unchecked (as described in 4e above), this is not an issue.

    Link3: same information as Link1... unfortunately no solution.

    Link4: as you can see, the person there is requesting the same, but unfortunately they do not have any solution...

    But thanks for your help...

    @Symantec: In SEP11 there was a really elegant way to implement a trusted certificate from an external CA (e.g. Thawte), but it looks like very many people are facing the problem that there is no direct way to implement this in SEP12 (or maybe we can't find the proper information). Since this is a relevant security issue, this has to be fixed in SEP12. There has to be a way to implement a trusted certificate. Thanks for any further advice if there is maybe a workaround or proper WHITEPAPERS; otherwise please implement this in the next MP.



  • 8.  RE: Configuring SEPM to use trusted SSL certificate for communication

    Posted Jul 21, 2012 07:05 PM

    I mean, is this not relating to a self-signed certificate? But if I can connect to the Apache server itself, can I just request that as normal in Apache? Would that work?

    For example, as provided in the following link under point 6.4? http://tldp.org/HOWTO/Apache-WebDAV-LDAP-HOWTO/ssl.html

    6.4. How to generate a CSR

    CSR or Certificate Signing Request must be sent to the trusted CA for signing. This section discusses how to create a CSR, and send it to the CA of your choice. The openssl req command can be used to create a CSR as follows:

    # cd /usr/local/apache/conf/
    # /usr/local/ssl/bin/openssl req -new -nodes -keyout private.key -out public.csr
    Generating a 1024 bit RSA private key
    ............++++++
    ....++++++

    Thank you very much for your further advice! This would help us a lot!
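
Added example, not part of any post above and not Symantec's procedure: the OpenSSL CSR workflow quoted in post 8, using a 2048-bit key rather than the 1024-bit key in the quoted output, plus the checks to run on the CSR and on the certificate the CA returns. Directory, file names and host name are placeholders; the thread does not establish whether SEPM 12.1's Apache accepts a certificate obtained this way.

```shell
#!/bin/sh
# Added example. Directory, file names and host name are placeholders,
# not SEPM paths or settings.

# make_csr DIR CN: write DIR/private.key (RSA 2048) and DIR/public.csr.
make_csr() {
    ( umask 077   # keep the unencrypted key readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
          -keyout "$1/private.key" -out "$1/public.csr" 2>/dev/null )
}

# key_fp KEY: digest of the public half of a private key.
key_fp() { openssl pkey -in "$1" -pubout | openssl sha256; }

# csr_matches_key CSR KEY: the CSR's self-signature verifies and the CSR
# carries the public key that belongs to KEY.
csr_matches_key() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    [ "$(openssl req -in "$1" -noout -pubkey | openssl sha256)" = "$(key_fp "$2")" ]
}

# cert_matches_key CERT KEY: the certificate returned by the CA was issued
# for the public key that belongs to KEY.
cert_matches_key() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 1   # unreadable cert
    [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = "$(key_fp "$2")" ]
}

# is_self_signed CERT: issuer name equals subject name, which is the case
# that produces the "site is untrusted" warning unless the certificate
# itself has been imported as trusted.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject); s=${s#subject=}
    i=$(openssl x509 -in "$1" -noout -issuer);  i=${i#issuer=}
    [ "$s" = "$i" ]
}
```

Run `make_csr` once per server name, send only `public.csr` to the CA, and check the returned certificate with `cert_matches_key` and `! is_self_signed` before installing it.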