Endpoint Protection

 View Only
Expand all | Collapse all

How to install the proper SSL certificate into the SEPM server ?

  • 1.  How to install the proper SSL certificate into the SEPM server ?

    Posted Jul 18, 2012 10:29 AM

    Hi All,

    Does anyone know how to install the SSL certificate that my company have (from Thawte) to secure the SEPM web console ?



  • 2.  RE: How to install the proper SSL certificate into the SEPM server ?

    Posted Jul 18, 2012 10:45 AM


  • 3.  RE: How to install the proper SSL certificate into the SEPM server ?

    Trusted Advisor
    Posted Jul 18, 2012 10:54 AM

    Hello,

    For instructions to add the security certificate to Internet Explorer, see the Symantec Technical Support knowledge base article,How to add the self-signed certificate for Symantec Protection Center or Symantec Endpoint Protection Manager to Internet Explorer.

    You may need to accept the self-signed certificate that is required by Symantec Endpoint Protection Manager.

    See Accepting the self-signed certificate for Symantec Endpoint Protection Manager.

    Logging on to the Symantec Endpoint Protection Manager console http://www.symantec.com/docs/HOWTO55401

    Also, Check this Article:

    Symantec Endpoint Protection 12.1: Enabling SSL Between the Manager and Clients

    http://www.symantec.com/docs/TECH162326

    Hope that helps!!


  • 4.  RE: How to install the proper SSL certificate into the SEPM server ?

    Posted Jul 18, 2012 11:00 AM

    You cannot change the SSL Certificate used to access the SEPM Console.  The only way around the "untrusted certificate" message is to download and install the SEPM's self-signed one generated during installation ("Thumbs Up" to VJWare btw!)

    Mithun's article is on applying SSL to the comms between your SEP clients the the SEPM.  Client communications use a separate port and web server within the SEPM, which is why this one can use a trusted cert.



  • 5.  RE: How to install the proper SSL certificate into the SEPM server ?

    Posted Jul 18, 2012 11:16 AM

    ok, So in this case if I understand correctly is that I cannot reuse the existing SSL certificate owned by my domain into SEPM ?



  • 6.  RE: How to install the proper SSL certificate into the SEPM server ?

    Posted Jul 18, 2012 11:23 AM

    ...on where you want to put the cert.

    So you can't use it to replace the cert used to log into the console, but you can use it to encrypt client/server comms.

    It's the former that gets the most questions asked about it, and assuming that's what you want, I'm afraid the answer is no crying



  • 7.  RE: How to install the proper SSL certificate into the SEPM server ?

    Posted Jul 21, 2012 06:26 PM

    Hi Dushan

    We are requesting the same in another forum discussion. Have you found any solution maybe?

    https://www-secure.symantec.com/connect/forums/configuring-sepm-use-trusted-ssl-certificate-communication#comment-7432721



  • 8.  RE: How to install the proper SSL certificate into the SEPM server ?

    Posted Jul 22, 2012 09:11 PM

    Hi Elements_Media,

    So far now I haven't found how to make the SSL certificate encrypt the communication link between the SEPM and the client or my laptop when accessing the web management console.

    If you found one, can you please update me as well smiley



  • 9.  RE: How to install the proper SSL certificate into the SEPM server ?

    Posted Jul 22, 2012 09:12 PM

    Hi Mithun,

    I'm using SEPM v11.0.6 server not version 12 yet.



  • 10.  RE: How to install the proper SSL certificate into the SEPM server ?
    Best Answer

    Posted Jul 23, 2012 05:36 AM

    The communications used when accessing the SEPM's web console are encrypted.  This traffic is encrypted using the SEPM's own self-signed certificate (and therefore untrusted by your machines by default), which is the reason behind the certificate warnings you receive.

    You don't need to do anything to add SSL encryption for console access, it is already there.



  • 11.  RE: How to install the proper SSL certificate into the SEPM server ?

    Posted Jul 23, 2012 09:03 AM

    SMLatCST,

    So in this case I can just safely ignore the red warning in my browser about the untrusted SSL certificate?

    because it doesn't make any more secure by installing the SSL certificate into the browser.



  • 12.  RE: How to install the proper SSL certificate into the SEPM server ?

    Posted Jul 23, 2012 09:32 AM

    The only thing installing the cert does is save you an additional button click to continue to the page wink



  • 13.  RE: How to install the proper SSL certificate into the SEPM server ?

    Posted Jul 23, 2012 05:38 PM

    SMLatCST has it correctly.

    It is an unfortunate behaviour of browser manufacturers and how SSL certificates are used. SSL encrypts the traffic, it does not authenticate the person/server. Encryption on everything should be the norm in my opinion. Now, getting authentication right, that's a can of worms. Remember, by default your browser trusts every major CA out there. That includes the usual suspects from China & Russia & Nigeria & even Diginotar from Holland. Only with new Windows updates is trusting Diginotar removed. I deally, your browser should only trust those CAs for websites you regularly visit and know to be legitimate.



  • 14.  RE: How to install the proper SSL certificate into the SEPM server ?

    Posted Jul 23, 2012 07:52 PM

    yes, now I understand the reason behind, thanks all for the explanation and updates.

    Cheers !



  • 15.  RE: How to install the proper SSL certificate into the SEPM server ?

    Posted Jul 24, 2012 05:31 AM

    Still... to use an self signed certificate is not a good idea! This is widening the attack surface!