How to add a Signed Certificate to the SSIM Client

Article:TECH94042  |  Created: 2009-01-18  |  Updated: 2011-06-28  |  Article URL http://www.symantec.com/docs/TECH94042
Article Type
Technical Solution

Product(s)

Issue



How to add a Signed Certificate to the SSIM Client.


Environment



 Important Information Regarding Security Information Manager versions and what encryption bit level is supported.

 
  • For SSIM servers running SSIM 4.7 MP2 and earlier, 1024bit is the maximum bit size for certificates.
  • For SSIM servers running SSIM 4.7 MP3 and later, 2048bit is the maximum bit size for certificates.
  • NOTE: 4096bit certificates are currently NOT supported on any version of SSIM.

 


Solution



When a Signed Certificate is imported to the Symantec Security Information Manager (SSIM), it requires the SSIM Client to have the same certificate information.

Note: Before you can successfully connect with the SSIM Client using the Signed Certificate, the SSIM must have been restarted after the Signed Certificate was received.

To apply the same Signed Certificate information from the SSIM to the SSIM client

    1. Connect to the SSIM with an SCP client (i.e. WinSCP).
    2. Navigate on the SSIM to /opt/jdk/jre/lib/security
    3. Copy the cacerts file off the SSIM either to a temporary location.
    4. Move the cacerts file to the SSIM Clients security directory.
      By default this is C:\Program Files\Symantec\Security Information Manager\jre\vm\lib\security
    5. If the SSIM Client is currently open, you must close and open the console for it to use the new certificate information.




Legacy ID



2009051814210254


Article URL http://www.symantec.com/docs/TECH94042


Terms of use for this information are found in Legal Notices