
Configuring SEPM to use trusted SSL certificate for communication

Created: 20 Jul 2012 | 7 comments
Elements_Media's picture

Hi all

The following article describes how to implement a trusted SSL certificate on a Symantec Endpoint Protection Manager Server 11.0. http://www.symantec.com/business/support/index?page=content&id=TECH134468

Since SEPM12 is not using IIS anymore, the article mentioned above is not useful in SEPM 12.1 environments. Is there an article which provides the information on how to implement a trusted SSL certificate for secured encrypted communication between server and client? I'm not looking for an article which provides the information to change the communication port to 443, but an article which gives me all the information provided in TECH134468, just for SEPM 12.1.

Thank you for your help.


greg12's picture

This document may help you:

Symantec Endpoint Protection 12.1: Enabling SSL Between the Manager and Clients

http://www.symantec.com/docs/TECH162326

Hope this helps!

Elements_Media's picture

Thanks for your link, but this is not a solution. As you see in the article under Note: if you see a warning that the site is untrusted, this is expected. This article describes enabling SSL using a self-signed (untrusted) certificate. As long as you leave the "Verify certificate..." option unchecked (as described in 4e above), this is not an issue.

We need a way to generate a request, as it was possible in SEP11 with IIS, to implement a trusted third party certificate.

Elements_Media's picture

Thanks for your link too, but this is not a solution either. As you can see, the provided forum discussion link has the same problem and still no solution. We need to generate a request to order a third party trusted certificate, as it was possible in SEP11 with IIS... Or do I misunderstand the provided link from above?

Elements_Media's picture

I mean, is this not relating to a self signed certificate? But if I can connect to the apache server itself, can I just request that as normal in apache? Would that work?

For example, as provided in the following link under point 6.4? http://tldp.org/HOWTO/Apache-WebDAV-LDAP-HOWTO/ssl.html

6.4. How to generate a CSR

CSR or Certificate Signing Request must be sent to the trusted CA for signing. This section discusses how to create a CSR, and send it to the CA of your choice. The openssl req command can be used to create a CSR as follows:

# cd /usr/local/apache/conf/
# /usr/local/ssl/bin/openssl req -new -nodes -keyout private.key -out public.csr
Generating a 1024 bit RSA private key
............++++++
....++++++

Thank you very much for your further advice! This would help us a lot!
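The CSR step quoted in the post above, as an added example that is not part of the original thread or of any Symantec documentation: it requests a 2048-bit RSA key (public CAs no longer sign the 1024-bit size shown in the quoted output), adds a subjectAltName, and checks the CSR before it is sent to a CA. The hostname, subject, file names and function names are assumptions made for illustration, and the example does not cover installing the signed certificate in SEPM.

```bash
#!/usr/bin/env bash
# Added example: create a private key and CSR for a third-party CA and
# sanity-check them. Hostname, subject and file names are constructed placeholders.

# make_csr <fqdn> <outdir>: writes <outdir>/server.key and <outdir>/server.csr
make_csr() {
    # Request config: CN plus a subjectAltName, which current clients validate against.
    cat > "$2/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = $1
O = Example Org
[ext]
subjectAltName = DNS:$1
EOF
    # 2048-bit RSA instead of the 1024-bit key in the quoted HOWTO output;
    # umask keeps the unencrypted (-nodes) key readable by its owner only.
    ( umask 077
      openssl req -new -nodes -newkey rsa:2048 -sha256 \
          -config "$2/req.cnf" \
          -keyout "$2/server.key" -out "$2/server.csr" 2>/dev/null )
}

# csr_matches_key <csr> <key>: succeeds if both carry the same public key
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# csr_has_san <csr> <fqdn>: succeeds if the SAN extension names the host
csr_has_san() {
    openssl req -in "$1" -noout -text | grep -qF "DNS:$2"
}

# csr_self_sig_ok <csr>: succeeds if the CSR's self-signature verifies
csr_self_sig_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}
```

The same `csr_matches_key` comparison is worth repeating against the certificate the CA returns (using `openssl x509 -noout -pubkey`) before the web server is reconfigured, since a key/certificate mismatch prevents the TLS listener from starting.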

Mithun Sanghavi's picture

Hello,

Check these Articles:

Configuring SSL between Symantec Endpoint Protection Manager and the clients

http://www.symantec.com/docs/HOWTO55351

Symantec Endpoint Protection 12.1: Enabling SSL Between the Manager and Clients

http://www.symantec.com/docs/TECH162326

Enabling SSL Between the Symantec Endpoint Protection Manager and Client

https://www-secure.symantec.com/connect/articles/enabling-ssl-between-symantec-endpoint-protection-manager-and-client

Moreover, in case you are thinking of using the SEPM 12.1 web console over SSL, check this thread:

https://www-secure.symantec.com/connect/forums/how-install-proper-ssl-certificate-sepm-server

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Elements_Media's picture

Hi Mithun

Thanks but this doesn't help.

Link1: this is not related to a trusted certificate. This only works for untrusted self-signed certificates, if I understand this right.

Link2: as you can see at the bottom of the article, this is not a solution for trusted certificates --> Note: if you see a warning that the site is untrusted, this is expected. This article describes enabling SSL using a self-signed (untrusted) certificate. As long as you leave the "Verify certificate..." option unchecked (as described in 4e above), this is not an issue.

Link3: same information as Link1... unfortunately no solution.

Link4: as you can see, the person there is requesting the same, but unfortunately they do not have any solution...

But thanks for your help...

@Symantec: In SEP11 there was a really elegant way to implement a trusted certificate from an external CA (e.g. thawte), but it looks like very many people are facing the problem that there is no direct way to implement this in SEP12 (or maybe we can't find the proper information). Since this is a relevant security issue, this has to be fixed in SEP12. There has to be a way to implement a trusted certificate. Thanks for any further advice if there is maybe a workaround or proper WHITEPAPERS; otherwise please implement this in the next MP.