How to configure SSL encryption for SEE client and SEE server communication.

Article:TECH166373  |  Created: 2011-08-03  |  Updated: 2012-11-02  |  Article URL http://www.symantec.com/docs/TECH166373
Article Type
Technical Solution


Issue



Configure secure communication between SEE client and SEE Manager.


Solution



 

1. Install an Enterprise Certificate Authority on a different server to the SEEMS server.
2. From the SEEMS server, log on to the CA web interface and download the CA certificate.
3. Browse to the local host site to request certificate. Example : http://localhost/certsrv

 

4. Once you are on the Microsoft Certificate page, click on "Download a CA certificate chain or CRL"
5. On the next page click on Download CA Certificate and save it on your local hard drive
6. On the SEEMS server, install the CA certificate as “rootcert.cer” in the “Trusted Root Certification Authorities” certificate store.
 
How to add the root certificate under "Trusted Root Certificate Authorities"
 
1. Click Start and go to Run and type MMC
2. Select File and click on Add\Remove Snap-in and add certificate and click Add again
3. Expand "Trusted Root Certification Authorities" and right click on Certification and click on import
4. Browse to the certificate that you downloaded from the Microsoft Certificate page. Example http://localhost/certsrv
5. Click Next and select "Place all certificates in the following store".

 

Note : By default the Certificate store should be Trusted Root Certification Authorities
 
6. Click Next and click Finish.
 
7. Install the SEE Manager server and keep the SEEMS Configuration Wizard default and click OK
8. Open the IIS and under "“Symantec Endpoint Encryption Services” website right click and select Properties
9. Select "Directory security" and click on Server Certificates
10.Choose to generate a new Server certificate
11.Choose “Prepare request now but send it later”.
12.Complete your organizations details:
13.Save the request as “certreq.txt”.
 
14.Log on to the CA web interface and select “Request a certificate

 

15. Click on “Advanced certificate Request

 

16. Select the option: "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file..."

 

17. Browse for, or copy paste the data from, the file certreq.txt.
 
18. Ensure that the Certificate Template option “Web Server” is selected.

 

19. Click Submit and on the next page click on Download Certificate

 

20. Now open the IIS Manager and go to the Properties of “Symantec Endpoint Encryption Services”. Click on Directory Security and click on Server Certificate.
 
21. Select Process the pending request and install the certificate

 

22.Browse and select the certificate that you downloaded from http://localhost/certsrv

 

23.Complete the Wizard.
 
24. Open the SEEMS Configuration Wizard and you will find the Server-Side TLS/SSL Certificate

 

25. Now click on the Browse on the Client-Side TLS/SSL Certificate and browse to the certificate.

26. Create the Framework client package




Article URL http://www.symantec.com/docs/TECH166373


Terms of use for this information are found in Legal Notices