About server certificate types

Article:HOWTO55397  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55397
Article Type
How To



Digital certificates are the industry standard for authenticating and encrypting sensitive data. To prevent information from being read as it passes through routers in the network, you need to encrypt the data. Encrypting it requires a digital certificate that is used with the HTTPS protocol.

As part of this secure procedure, the server identifies and authenticates itself with a server certificate. Symantec uses the HTTPS protocol for the communication between all the servers, clients, and optional Enforcers in a network.

You must also enable encryption on Symantec Endpoint Protection Manager so that the server identifies and authenticates itself with a server certificate. If you do not enable this option, then the installation of a digital certificate is not effective.

The management server supports the following types of certificate:

  • JKS keystore file (.jks)

    A Java tool that is called keytool.exe generates the keystore file. Symantec supports only the Java Key Standard (JKS) format. The Java Cryptography Extension (JCEKS) format requires a specific version of the Java Runtime Environment (JRE). The management server supports only a JCEKS keystore file that is generated with the same version as the Java Development Kit (JDK) on the management server.

    The keystore must contain both a certificate and a private key. The keystore password must be the same as the key password.

  • PKCS12 keystore file (.pfx and .p12)

  • Certificate and private key file (DER and PEM format)

    Symantec supports unencrypted certificates and private keys in the DER or the PEM format. PKCS8-encrypted private key files are not supported.
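The following pre-flight check is an added example, not Symantec code. It classifies a candidate file against the types listed above by inspecting header bytes only; the function names and verdict strings are this example's own, and the DER checks are heuristics.

```python
import re
import sys

JKS_MAGIC = bytes.fromhex("feedfeed")    # header of a JKS keystore
JCEKS_MAGIC = bytes.fromhex("cececece")  # header of a JCEKS keystore

def _der_body(data):
    """Contents of an outer DER/BER SEQUENCE, or None if data is not one."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    n = data[1]
    # Short form: one length byte. Long form: low 7 bits count the length bytes.
    return data[2:] if n < 0x80 else data[2 + (n & 0x7F):]

def classify(data):
    """Return (format, verdict) from header bytes only; nothing is decrypted."""
    if data[:4] == JKS_MAGIC:
        return "JKS keystore", "listed"
    if data[:4] == JCEKS_MAGIC:
        return "JCEKS keystore", "depends on JDK version match"
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----", data)
    if m:
        label = m.group(1).decode()
        if label == "ENCRYPTED PRIVATE KEY":
            return "PEM PKCS8-encrypted key", "not supported"
        if label.endswith("PRIVATE KEY"):
            if b"Proc-Type: 4,ENCRYPTED" in data:  # legacy OpenSSL encryption
                return "PEM encrypted key", "not listed (key is encrypted)"
            return "PEM private key", "listed"
        if label == "CERTIFICATE":
            return "PEM certificate", "listed"
        return "PEM " + label, "not listed"
    body = _der_body(data)
    if body is None:
        return "unknown", "not listed"
    if body[:3] == b"\x02\x01\x03":             # PFX: version INTEGER 3
        return "PKCS12 keystore", "listed"
    if body[:3] in (b"\x02\x01\x00", b"\x02\x01\x01"):  # key version INTEGER
        return "DER private key", "listed"
    inner = _der_body(body)
    if inner is not None and inner[:1] == b"\x06":  # AlgorithmIdentifier first
        return "DER PKCS8-encrypted key", "not supported"
    if inner is not None and inner[:1] == b"\xa0":  # tbsCertificate [0] version
        return "DER certificate", "listed"
    return "DER structure", "not identified by this check"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, *classify(fh.read()), sep=": ")
```

Run it with one or more file paths as arguments before you import a certificate. A "listed" verdict does not confirm the other requirements above, such as the keystore password matching the key password.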

You may want to back up the information about the certificate as a safety precaution. Then, if the management server is damaged or you forget the keystore password, you can easily retrieve the password from the backup.

See Updating a server certificate.

See Backing up a server certificate.
