You can use a third-party certificates from a trusted CA with SEPM 12.1. Please follow the below mentioned steps -
1. Click Start --> Run: CMD<enter>
Browse to the SEPM\apache\bin directory, the command should be:
cd "\Program Files\Symantec Protection Center\apache\bin"<enter>
Enter the following series of commands:
openssl req -config ..\conf\ssl\openssl.cnf -new -out request.csr -keyout clientserver.pem
NOTE: When asked what is the 'common name', enter the host name of the server. This will allow you to use the "Verify SSL" feature later on if needed.
openssl rsa -in clientserver.pem -out ..\conf\ssl\clientserver.key
openssl x509 -in request.csr -out ..\conf\ssl\clientserver.crt -req -signkey ..\conf\ssl\clientserver.key -days 365
Open the sslForClients.conf file with is located at %SEPM%\apache\conf\ssl\sslForClients.conf.
1. Open %SEPM%\apache\conf\ssl\httpd.conf.
2. Look for the following line:
#Include conf/ssl/sslForClients.conf
Uncomment the line, by deleting # from line:
#Include conf/ssl/sslForClients.conf
So the line would look like:
Include conf/ssl/sslForClients.conf
Save the file.
3. Open the sslForClients.conf file.
Find the two following lines:
SSLCertificateFile "conf/ssl/server.crt"
SSLCertificateKeyFile conf/ssl/server.key
Update them to show:
SSLCertificateFile "conf/ssl/clientserver.crt"
SSLCertificateKeyFile conf/ssl/clientserver.key
Save and close the sslForClients.conf file.
Restart Apache. You can either open the services menu and restart Symantec Protection Center Webserver, or you can type net stop/start semwebsrv at the command prompt.
Now you can log into your SEPM server and create or modify a Management Server List using SSL. The default port SSL port for Apache is TCP port 443.