Enabling SSL for the Apache web server for client communication

Article:HOWTO81055  |  Created: 2012-10-24  |  Updated: 2014-09-21  |  Article URL http://www.symantec.com/docs/HOWTO81055
Article Type
How To


Subject


Enabling SSL for the Apache web server for client communication

You edit the httpd.conf file to enable Secure Sockets Layer (SSL) communication between the Symantec Endpoint Protection Manager server and the clients.

If you need to use an alternate port for SSL communication, you must change the port assignment in Symantec Endpoint Protection Manager first.

To enable SSL for the Apache web server

  1. In a text editor, open the following file:

    %SEPM%\apache\conf\httpd.conf

    Where %SEPM% is the Symantec Endpoint Protection Manager installation folder.

  2. Find the following entry and remove the hash mark (#) from the text string:

    #Include conf/ssl/sslForClients.conf

  3. Save and then close the file.

  4. Restart the Symantec Endpoint Protection Manager Webserver service.

    See Stopping and starting the Apache Web server.

To verify SSL works correctly

  1. Enter the following URL in a web browser:

    https://ServerHostName:port/secars/secars.dll?hello,secars

    Where ServerHostName is the computer name for Symantec Endpoint Protection Manager and port is the port number. By default, SSL traffic uses port 443.

  2. If the browser displays the word "OK", the SSL connection is successful.

    If a page error displays, repeat the previous steps and check that you formatted all strings correctly. Also check that you entered the URL correctly.

To switch the clients to use SSL for communication with Symantec Endpoint Protection Manager

  1. In the Symantec Endpoint Protection Manager console, on the Policies tab, click Policy Components > Management Server Lists.

  2. Double-click the management server list that your client groups and locations use. If you only have the default management server list, duplicate it, and then double-click the new list to edit it.

    See Copying and pasting a policy on the Policies page.

  3. Click Use HTTPS protocol.

    Only click Verify certificate when using HTTPS protocol if you have previously updated the management server with a Certificate Authority-signed certificate and a private key pair.

    See Best practices for updating server certificates and maintaining the client-server connection.

  4. Click OK.

  5. If you edited a copy of the default management server list, right-click it, click Assign, and then assign it to every group and location.

    See Assigning a management server list to a group and location.

As the clients receive the updated management server list, the clients switch to HTTPS for communication with Symantec Endpoint Protection Manager.

See Changing the SSL port assignment in Symantec Endpoint Protection Manager.

See Configuring SSL between Symantec Endpoint Protection Manager and the clients.


Legacy ID



v57069724_v81626096


Article URL http://www.symantec.com/docs/HOWTO81055


Terms of use for this information are found in Legal Notices